641d9dc5fc63f8188e3148ed90e5206bf55b973790a4f10342c118c2c48c4e8a

Analysis

max time kernel
21s
max time network
144s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04/05/2024, 19:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
Size

275KB
MD5

a5eeb940fa9e03f1d5d1813db8f0917e
SHA1

c14f424d69006044b619f3ffd0f49d4275cc3227
SHA256

641d9dc5fc63f8188e3148ed90e5206bf55b973790a4f10342c118c2c48c4e8a
SHA512

53e8c7518ed983a63651e7be411962fbd7815e0f80e8290443c9b8812cdaadf19bd3a748850e4be5b766f92b91bfb2152733b6b89424900d6f856088549df9d7
SSDEEP

6144:YjluQoSPIo5R4nM/40yJNB+/F5g3s2N1uzqVA2ZjQ0gkf3dCG8xRvY/:YEQoSpqhe6bo2A2Xf3dCTY/

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1616-0-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/files/0x0007000000014207-5.dat	upx
behavioral1/memory/2412-61-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/852-91-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2396-92-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2340-94-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1288-96-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1612-98-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2116-102-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1288-104-0x0000000004F10000-0x0000000004F30000-memory.dmp	upx
behavioral1/memory/1616-103-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2412-106-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/852-109-0x0000000001EF0000-0x0000000001F10000-memory.dmp	upx
behavioral1/memory/852-110-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2352-115-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1660-118-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1908-120-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1288-119-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2340-117-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2020-114-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2396-112-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2304-108-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1612-121-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1560-122-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2116-124-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2732-125-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1124-127-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2304-126-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1788-131-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/852-129-0x0000000001EF0000-0x0000000001F10000-memory.dmp	upx
behavioral1/memory/2372-134-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2020-133-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2352-135-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2220-136-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1660-137-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1748-140-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2380-139-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1908-138-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1260-143-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2732-144-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/288-146-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/800-145-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1124-147-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1560-151-0x0000000004F10000-0x0000000004F30000-memory.dmp	upx
behavioral1/memory/1708-148-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1788-150-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2372-152-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2128-154-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2220-153-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2352-155-0x0000000004580000-0x00000000045A0000-memory.dmp	upx
behavioral1/memory/2380-156-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1748-157-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1260-160-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/800-161-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2784-167-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1708-166-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2536-165-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1788-164-0x0000000004CE0000-0x0000000004D00000-memory.dmp	upx
behavioral1/memory/288-163-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/880-168-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2560-170-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1876-171-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2568-172-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1948-173-0x0000000000400000-0x0000000000420000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File opened (read-only)	\??\B:	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File opened (read-only)	\??\E:	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File opened (read-only)	\??\H:	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File opened (read-only)	\??\T:	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File opened (read-only)	\??\W:	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File opened (read-only)	\??\R:	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File opened (read-only)	\??\V:	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File opened (read-only)	\??\I:	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File opened (read-only)	\??\K:	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File opened (read-only)	\??\L:	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File opened (read-only)	\??\M:	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File opened (read-only)	\??\N:	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File opened (read-only)	\??\P:	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File opened (read-only)	\??\J:	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File opened (read-only)	\??\S:	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File opened (read-only)	\??\U:	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File opened (read-only)	\??\Y:	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File opened (read-only)	\??\G:	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File opened (read-only)	\??\O:	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File opened (read-only)	\??\Q:	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File opened (read-only)	\??\X:	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File opened (read-only)	\??\Z:	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\IME\shared\beast fucking girls .mpeg.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\config\systemprofile\american bukkake several models nipples .zip.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\african beast porn hot (!) .rar.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\config\systemprofile\spanish hardcore full movie hole black hairunshaved (Jade,Janette).rar.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\cum girls sweet (Sarah,Ashley).zip.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\Temp\tyrkish gang bang horse sleeping blondie .rar.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\shared\action handjob big gorgeoushorny .mpg.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\FxsTmp\nude bukkake uncut balls (Britney).mpg.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\british sperm handjob masturbation traffic (Britney,Janette).mpg.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\FxsTmp\japanese horse catfight titts granny .rar.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\hardcore masturbation fishy .avi.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Program Files\Windows Journal\Templates\swedish xxx trambling uncut boots (Melissa,Sarah).rar.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Update\Download\italian hardcore lesbian fishy .mpg.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\malaysia fetish lingerie big mistress .avi.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\beast voyeur .mpeg.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\malaysia nude [free] .avi.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\spanish porn several models swallow .zip.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\horse hidden ash (Britney,Gina).zip.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\japanese xxx horse full movie sm (Jenna).mpg.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\blowjob blowjob several models .rar.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Temp\chinese fucking bukkake licking ejaculation .zip.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\japanese gay action licking girly .mpeg.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\german porn horse full movie castration (Britney).mpg.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\swedish sperm horse several models balls .mpg.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\horse full movie hotel .avi.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\african horse [milf] hole .rar.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\security\templates\malaysia hardcore fetish sleeping .mpeg.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\blowjob trambling catfight blondie .avi.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\african blowjob bukkake public ash hairy .rar.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\french trambling catfight titts .mpeg.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\beast xxx big .mpeg.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\gang bang licking .mpeg.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\spanish trambling licking pregnant (Liz,Sonja).rar.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\InstallTemp\sperm trambling public lady .mpeg.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\indian xxx animal [free] young .avi.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\german sperm hardcore lesbian shower .rar.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\fetish hot (!) cock shoes .avi.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\american cum full movie circumcision .avi.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\swedish horse fetish [free] .rar.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\indian handjob public (Melissa).mpg.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\norwegian beastiality public .rar.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\horse beastiality catfight sm .rar.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\african gay bukkake girls .zip.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\japanese horse hidden bedroom (Jade,Kathrin).mpeg.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\beast fetish big girly .zip.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\italian horse public (Jade,Janette).mpeg.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\japanese beast lingerie several models .avi.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\french gay gay sleeping .mpg.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\beast horse [free] vagina femdom .rar.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\animal beast masturbation .zip.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\japanese beastiality [bangbus] bondage .mpg.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\brasilian fucking full movie girly .mpeg.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\malaysia sperm cum hidden ìï .avi.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\hardcore uncut granny .avi.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\assembly\temp\danish cumshot fetish [free] ejaculation .rar.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\danish xxx full movie .zip.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\british horse masturbation bondage .mpeg.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\lingerie porn catfight beautyfull .mpg.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\horse fetish hot (!) castration .mpeg.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\asian action big .mpg.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\italian fetish voyeur stockings .mpg.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\african hardcore cum hidden (Ashley,Jenna).zip.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\swedish horse girls nipples 40+ .rar.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\african animal big hole (Sylvia).avi.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\swedish hardcore horse big (Karin,Liz).rar.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\beastiality hardcore hot (!) girly .avi.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\fucking [bangbus] fishy .zip.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\canadian animal public .avi.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\canadian animal sleeping traffic .zip.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\gay action licking pregnant (Gina).zip.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\malaysia sperm fetish girls young (Liz).zip.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\SoftwareDistribution\Download\spanish fetish [free] latex .mpg.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\xxx cum masturbation .mpeg.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\asian sperm hidden hole high heels (Sonja).zip.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\mssrv.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\american horse licking .rar.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\lesbian xxx licking (Anniston,Karin).zip.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\beastiality lingerie uncut sm (Jade).rar.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\spanish gay animal hidden bondage .rar.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\horse girls .mpg.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\brasilian beast hot (!) .mpg.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\Temp\blowjob voyeur .rar.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\gang bang several models glans wifey .rar.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\asian lingerie sleeping feet young (Tatjana).avi.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\spanish horse several models boobs shower .mpg.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\assembly\tmp\african hardcore trambling lesbian hotel .mpeg.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\trambling handjob voyeur granny .mpg.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\tyrkish gang bang uncut granny .mpg.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\canadian lesbian hot (!) fishy .mpeg.exe	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1616	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
2412	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
1616	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
852	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
2396	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
2412	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
1616	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
2340	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
1288	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
1612	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
852	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
1560	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
2396	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
1616	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
2412	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
2116	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
2304	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
2340	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
2020	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
2352	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
1660	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
1908	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
1288	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
1612	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
852	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
2732	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
1616	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
1560	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
2396	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
1124	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
2412	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
1788	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
2372	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
2116	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
2220	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
2304	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
2380	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
1748	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
2340	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
2020	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
2020	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
2352	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
2352	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
1612	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
1612	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
1260	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
1260	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
852	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
852	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
1708	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
1708	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
1288	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
1288	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
800	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
800	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
288	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
288	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
1660	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
1660	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
1908	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
1908	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
1616	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
1616	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
2784	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1616 wrote to memory of 2412	1616	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	28
PID 1616 wrote to memory of 2412	1616	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	28
PID 1616 wrote to memory of 2412	1616	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	28
PID 1616 wrote to memory of 2412	1616	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	28
PID 2412 wrote to memory of 852	2412	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	29
PID 2412 wrote to memory of 852	2412	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	29
PID 2412 wrote to memory of 852	2412	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	29
PID 2412 wrote to memory of 852	2412	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	29
PID 1616 wrote to memory of 2396	1616	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	30
PID 1616 wrote to memory of 2396	1616	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	30
PID 1616 wrote to memory of 2396	1616	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	30
PID 1616 wrote to memory of 2396	1616	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	30
PID 852 wrote to memory of 2340	852	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	31
PID 852 wrote to memory of 2340	852	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	31
PID 852 wrote to memory of 2340	852	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	31
PID 852 wrote to memory of 2340	852	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	31
PID 2396 wrote to memory of 1288	2396	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	32
PID 2396 wrote to memory of 1288	2396	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	32
PID 2396 wrote to memory of 1288	2396	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	32
PID 2396 wrote to memory of 1288	2396	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	32
PID 2412 wrote to memory of 1612	2412	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	33
PID 2412 wrote to memory of 1612	2412	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	33
PID 2412 wrote to memory of 1612	2412	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	33
PID 2412 wrote to memory of 1612	2412	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	33
PID 1616 wrote to memory of 1560	1616	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	34
PID 1616 wrote to memory of 1560	1616	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	34
PID 1616 wrote to memory of 1560	1616	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	34
PID 1616 wrote to memory of 1560	1616	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	34
PID 2340 wrote to memory of 2116	2340	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	35
PID 2340 wrote to memory of 2116	2340	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	35
PID 2340 wrote to memory of 2116	2340	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	35
PID 2340 wrote to memory of 2116	2340	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	35
PID 1288 wrote to memory of 2304	1288	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	36
PID 1288 wrote to memory of 2304	1288	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	36
PID 1288 wrote to memory of 2304	1288	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	36
PID 1288 wrote to memory of 2304	1288	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	36
PID 1612 wrote to memory of 1660	1612	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	38
PID 1612 wrote to memory of 1660	1612	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	38
PID 1612 wrote to memory of 1660	1612	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	38
PID 1612 wrote to memory of 1660	1612	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	38
PID 852 wrote to memory of 2020	852	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	37
PID 852 wrote to memory of 2020	852	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	37
PID 852 wrote to memory of 2020	852	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	37
PID 852 wrote to memory of 2020	852	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	37
PID 1560 wrote to memory of 2352	1560	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	39
PID 1560 wrote to memory of 2352	1560	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	39
PID 1560 wrote to memory of 2352	1560	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	39
PID 1560 wrote to memory of 2352	1560	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	39
PID 2396 wrote to memory of 1908	2396	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	40
PID 2396 wrote to memory of 1908	2396	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	40
PID 2396 wrote to memory of 1908	2396	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	40
PID 2396 wrote to memory of 1908	2396	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	40
PID 1616 wrote to memory of 2732	1616	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	41
PID 1616 wrote to memory of 2732	1616	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	41
PID 1616 wrote to memory of 2732	1616	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	41
PID 1616 wrote to memory of 2732	1616	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	41
PID 2412 wrote to memory of 1124	2412	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	42
PID 2412 wrote to memory of 1124	2412	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	42
PID 2412 wrote to memory of 1124	2412	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	42
PID 2412 wrote to memory of 1124	2412	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	42
PID 2116 wrote to memory of 1788	2116	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	43
PID 2116 wrote to memory of 1788	2116	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	43
PID 2116 wrote to memory of 1788	2116	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	43
PID 2116 wrote to memory of 1788	2116	a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe	43

C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1616
- C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2412
- - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:852
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2340
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        9⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        10⤵
        
        PID:10260
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        11⤵
        
        PID:14784
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        10⤵
        
        PID:18384
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        9⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        9⤵
        
        PID:12932
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        9⤵
        
        PID:19628
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        9⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        10⤵
        
        PID:15464
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        9⤵
        
        PID:18336
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        9⤵
        
        PID:18608
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:10788
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:12536
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:21304
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        9⤵
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        10⤵
        
        PID:18664
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        9⤵
        
        PID:23224
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        9⤵
        
        PID:18656
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:19476
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:13748
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:18640
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:17556
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        9⤵
        
        PID:10352
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        10⤵
        
        PID:18940
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        9⤵
        
        PID:17564
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:17452
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:17500
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:20356
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:11680
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:21268
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:18896
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:8348
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:11332
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:18392
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:19556
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:19508
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:18580
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:11240
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:17532
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        9⤵
        
        PID:10760
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        9⤵
        
        PID:17232
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:8388
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        9⤵
        
        PID:14900
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:14064
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:9676
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:20936
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:18544
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:11888
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:19700
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:10828
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        9⤵
        
        PID:14888
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:18688
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:19652
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:18368
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:19036
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:11744
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:14980
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:20948
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:17484
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:15512
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:21040
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:11192
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:18460
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:8412
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:11320
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:18232
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:3644
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:11756
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:18932
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:23232
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:9008
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:14916
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:18328
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:9604
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:20104
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:7644
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:20348
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:12856
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:19668
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        9⤵
        
        PID:16612
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:9520
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        9⤵
        
        PID:23216
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:17460
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:11228
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:16748
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:15276
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:19540
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:12268
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:21024
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:13740
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:9976
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:13772
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:21200
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:20152
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:11796
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:19168
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:628
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:19724
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:10708
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:19516
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:15496
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:18436
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:8644
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:15268
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:18292
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:3720
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:12276
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:20640
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:4860
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:20396
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:5488
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:10228
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:19644
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:7176
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:18672
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:12964
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:20276
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:800
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:1960
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:25800
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:17548
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:20292
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:9988
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:17468
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:4076
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:19056
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:11720
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:13924
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:21032
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:5480
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:16564
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:9228
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:16152
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:18956
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:3788
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:20056
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:11820
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:19716
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:12644
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:19856
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:9112
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:15908
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:18912
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:4048
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:6840
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:18516
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:10472
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:20832
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:5904
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:11864
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:19692
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:8548
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:18400
- - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1612
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        9⤵
        
        PID:20512
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:17492
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:19176
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:21500
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:20212
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:12528
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:20732
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:16548
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:9588
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:20324
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:20380
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:11880
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:18852
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:17024
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:9564
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:16056
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:20372
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:3212
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:20388
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:10700
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:18868
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:6008
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:10892
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:17864
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:18376
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:8716
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:19136
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:18616
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:18408
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:16556
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:9744
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:15620
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:19964
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:3688
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:20064
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:10536
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:15432
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:20800
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:5848
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:16604
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:9076
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:17476
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:1568
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:3412
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:18860
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:10512
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:19764
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:21492
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:5332
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:12284
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:21484
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:8992
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:17508
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:3920
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:6292
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:16540
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:9884
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:15060
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:20916
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:11728
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:23248
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:8420
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:11312
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:18244
- - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1124
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:1864
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:3276
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:9240
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:17200
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:19524
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:11696
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:21164
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:4456
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:7484
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:18972
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:6856
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:20236
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:10716
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:19604
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:5028
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:8764
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:19192
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:6488
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:18716
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:11712
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:21256
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:4392
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:7272
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:20088
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:17436
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:16572
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:10496
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:20420
- - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
    3⤵
    PID:888
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:4684
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:20724
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:17208
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:6584
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:20080
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:11688
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:13956
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:21288
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:4432
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:8008
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:19128
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:6780
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:16620
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:10432
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:20404
- - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
    3⤵
    PID:984
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:4804
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:8516
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:15028
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:17444
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:6564
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:18632
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:10520
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:19788
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:23240
- - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
    3⤵
    PID:4272
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:8000
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:12924
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:19088
- - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
    3⤵
    PID:6572
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:16628
- - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
    3⤵
    PID:9864
- - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
    3⤵
    PID:20984
- C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2396
- - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1288
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2372
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        9⤵
        
        PID:10808
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        9⤵
        
        PID:18836
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:8220
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        9⤵
        
        PID:15532
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:18964
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        9⤵
        
        PID:13540
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:19500
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:11704
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        9⤵
        
        PID:16140
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:20784
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:11220
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:17180
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:11132
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:17580
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:8668
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:13716
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:17516
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:9696
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:20308
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:11420
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:20436
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:11788
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:18948
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:19112
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:11100
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        9⤵
        
        PID:14920
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:20956
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:14124
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:17224
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:9956
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:19732
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:19780
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:19676
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:12956
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:19636
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:3608
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:12916
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:13944
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:19096
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:15572
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:17016
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:5236
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:9552
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:17216
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:7552
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:19708
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:11812
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:19684
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1260
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:1680
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:19756
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:18980
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:20244
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:10684
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:18680
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:20700
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:3732
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:18624
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:16100
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:18272
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:5900
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:16588
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:9028
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:18844
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:3712
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:20468
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:11804
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:19468
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:5288
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:12312
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:21016
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:9612
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:20112
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:6980
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:19808
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:10488
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:23256
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:5976
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:11168
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:18904
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:8692
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:14768
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:19484
- - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1908
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:288
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:19184
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:15148
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:10504
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:21216
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:20332
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:11772
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:14880
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:20452
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:12544
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:20412
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:9136
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:14652
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:13764
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:1628
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:4224
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:19048
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:12820
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:19104
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:6388
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:16636
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:9644
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:20316
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:3716
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:6720
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:19588
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:10876
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:18468
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:5892
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:12636
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:19012
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:9036
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:15988
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:18736
- - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
    3⤵
    PID:2128
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:5084
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:9020
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:17524
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:6740
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:19912
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:11248
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:18344
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:7584
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:20364
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:12948
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:19740
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:6732
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:13056
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:10276
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:20520
- - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
    3⤵
    PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:4624
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:8376
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:14812
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:13708
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:6304
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:18508
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:10676
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:20268
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:20444
- - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
    3⤵
    PID:3680
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:7656
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:19072
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:12832
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:20816
- - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
    3⤵
    PID:5144
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:12652
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:21232
- - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
    3⤵
    PID:9720
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:16224
- - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
    3⤵
    PID:21208
- C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1560
- - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2352
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1748
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:2840
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:12520
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:20676
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:9620
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        8⤵
        
        PID:16252
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:19772
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:11844
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:19160
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:8452
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:19580
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:3664
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:12624
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:20684
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:14692
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:19492
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:14992
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:20716
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:7604
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:19748
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:12796
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:18988
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:1028
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:4064
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:18444
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:10692
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:19200
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:5932
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:11108
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:20884
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:20776
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:8636
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:20284
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:19120
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:3752
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:5700
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:12840
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:21248
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:9060
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:15056
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:17540
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:5532
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:10628
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:20460
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:7672
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:19024
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:17192
- - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
    3⤵
    PID:1876
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:4864
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:14588
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:13048
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:6628
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:18764
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:10868
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:18744
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:4296
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:8068
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:16156
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:19144
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:6632
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:16596
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:9856
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:21240
- - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
    3⤵
    PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:8340
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:14372
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:11348
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:18352
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:7092
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:19064
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:10480
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:17008
- - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
    3⤵
    PID:4120
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:7716
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:18752
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:12804
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:19080
- - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
    3⤵
    PID:6076
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:12660
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:20428
- - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
    3⤵
    PID:9712
- - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
    3⤵
    PID:21224
- C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2732
- - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
    3⤵
    PID:2804
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:3188
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:4892
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:11340
        
        C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        7⤵
        
        PID:20340
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:18452
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:6788
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:20072
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:11256
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:17572
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:4440
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:7900
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:19948
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:12940
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:17892
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:19864
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:6748
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:20692
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:10368
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:21008
- - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
    3⤵
    PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:8844
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:13756
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:18304
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:7112
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:19548
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:11120
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:20824
- - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
    3⤵
    PID:4328
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:7860
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:18880
- - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
    3⤵
    PID:6764
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:13524
- - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
    3⤵
    PID:10360
- - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
    3⤵
    PID:17172
- C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
  2⤵
  PID:880
- - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
    3⤵
    PID:2040
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:4796
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:8532
      - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        6⤵
        
        PID:14376
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:19660
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:6588
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:20220
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:10660
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:20252
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:20764
- - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
    3⤵
    PID:4240
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:7936
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:18648
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:12812
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:18996
- - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
    3⤵
    PID:6468
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:16580
- - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
    3⤵
    PID:9752
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:14748
- - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
    3⤵
    PID:20260
- C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
  2⤵
  PID:268
- - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
    3⤵
    PID:4256
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:7512
    - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
        5⤵
        
        PID:19848
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:19152
- - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
    3⤵
    PID:6556
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:19004
- - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
    3⤵
    PID:9872
- - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
    3⤵
    PID:20228
- C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
  2⤵
  PID:3672
- - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
    3⤵
    PID:6448
  - - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
      4⤵
      PID:19800
- - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
    3⤵
    PID:10668
- - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
    3⤵
    PID:20748
- C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
  2⤵
  PID:5820
- - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
    3⤵
    PID:12304
- - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
    3⤵
    PID:20792
- C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
  2⤵
  PID:9068
- - C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
    3⤵
    PID:25092
- C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\a5eeb940fa9e03f1d5d1813db8f0917e_JaffaCakes118.exe"
  2⤵
  PID:18360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\japanese xxx horse full movie sm (Jenna).mpg.exe

Filesize
460KB

MD5
7f03367c7c68fd17688f25b02e8d3685

SHA1
3c1a02e38a6b137bd5cea6ee4302c91675128884

SHA256
9648061baf380dbdc839a654c30ffb88f4550dce4142c7375aa116e1929fb6ec

SHA512
bc92de5988dd689ec4d2a566954d1324288dc59195238c60ed92f0187451ef44daeb26ca977bef6322c00ebce830db9c8ddfb66718ab4136459495102331e972

Download Submit
C:\debug.txt

Filesize
183B

MD5
fa7e9765526e446b253cdb499f0d4da4

SHA1
d8e8500f65cc5d0d67199314eebe761a8757a0e3

SHA256
2ec52906eb249447968745061c984d41a8816d025c2e31fbe16410a7980e22d3

SHA512
3d217c282d8a3eaa7e52f727f0fa89eba12495793a1de9568bd3f648b80f33ebc7a93c4466db025e45e083f22facf512aa00771ea845cfde7e224db3bc4e640f

Download Submit
memory/288-163-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/288-146-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/628-183-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/800-145-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/800-161-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/852-109-0x0000000001EF0000-0x0000000001F10000-memory.dmp

Filesize
128KB

Download
memory/852-142-0x0000000001EF0000-0x0000000001F10000-memory.dmp

Filesize
128KB

Download
memory/852-159-0x0000000001EF0000-0x0000000001F10000-memory.dmp

Filesize
128KB

Download
memory/852-93-0x0000000001EA0000-0x0000000001EC0000-memory.dmp

Filesize
128KB

Download
memory/852-116-0x0000000001EA0000-0x0000000001EC0000-memory.dmp

Filesize
128KB

Download
memory/852-110-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/852-91-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/852-129-0x0000000001EF0000-0x0000000001F10000-memory.dmp

Filesize
128KB

Download
memory/880-168-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/888-180-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1028-185-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1124-147-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1124-127-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1260-143-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1260-160-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1288-104-0x0000000004F10000-0x0000000004F30000-memory.dmp

Filesize
128KB

Download
memory/1288-119-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1288-96-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1560-151-0x0000000004F10000-0x0000000004F30000-memory.dmp

Filesize
128KB

Download
memory/1560-132-0x0000000004DD0000-0x0000000004DF0000-memory.dmp

Filesize
128KB

Download
memory/1560-113-0x0000000004DD0000-0x0000000004DF0000-memory.dmp

Filesize
128KB

Download
memory/1560-122-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1612-121-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1612-98-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1612-158-0x0000000004AE0000-0x0000000004B00000-memory.dmp

Filesize
128KB

Download
memory/1612-141-0x0000000004AE0000-0x0000000004B00000-memory.dmp

Filesize
128KB

Download
memory/1616-0-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1616-105-0x0000000004D70000-0x0000000004D90000-memory.dmp

Filesize
128KB

Download
memory/1616-111-0x0000000004D70000-0x0000000004D90000-memory.dmp

Filesize
128KB

Download
memory/1616-60-0x0000000004D70000-0x0000000004D90000-memory.dmp

Filesize
128KB

Download
memory/1616-99-0x0000000004D70000-0x0000000004D90000-memory.dmp

Filesize
128KB

Download
memory/1616-103-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1660-118-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1660-137-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1708-166-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1708-148-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1748-140-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1748-177-0x0000000004580000-0x00000000045A0000-memory.dmp

Filesize
128KB

Download
memory/1748-157-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1788-131-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1788-164-0x0000000004CE0000-0x0000000004D00000-memory.dmp

Filesize
128KB

Download
memory/1788-150-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1864-184-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1876-171-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1908-120-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1908-138-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1948-173-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2020-133-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2020-114-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2116-149-0x0000000004510000-0x0000000004530000-memory.dmp

Filesize
128KB

Download
memory/2116-102-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2116-169-0x0000000005060000-0x0000000005080000-memory.dmp

Filesize
128KB

Download
memory/2116-130-0x0000000004510000-0x0000000004530000-memory.dmp

Filesize
128KB

Download
memory/2116-124-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2128-174-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2128-154-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2220-136-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2220-153-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2304-126-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2304-108-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2340-94-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2340-101-0x0000000004580000-0x00000000045A0000-memory.dmp

Filesize
128KB

Download
memory/2340-123-0x0000000004580000-0x00000000045A0000-memory.dmp

Filesize
128KB

Download
memory/2340-117-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2340-175-0x0000000004AF0000-0x0000000004B10000-memory.dmp

Filesize
128KB

Download
memory/2352-155-0x0000000004580000-0x00000000045A0000-memory.dmp

Filesize
128KB

Download
memory/2352-115-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2352-135-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2372-152-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2372-134-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2380-156-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2380-139-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2396-95-0x0000000004910000-0x0000000004930000-memory.dmp

Filesize
128KB

Download
memory/2396-112-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2396-92-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2412-107-0x0000000004CD0000-0x0000000004CF0000-memory.dmp

Filesize
128KB

Download
memory/2412-61-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2412-90-0x0000000004CD0000-0x0000000004CF0000-memory.dmp

Filesize
128KB

Download
memory/2412-97-0x0000000004CE0000-0x0000000004D00000-memory.dmp

Filesize
128KB

Download
memory/2412-179-0x0000000004CF0000-0x0000000004D10000-memory.dmp

Filesize
128KB

Download
memory/2412-106-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2420-176-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2536-165-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2560-170-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2568-172-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2636-178-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2732-125-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2732-144-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2784-167-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2804-182-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2840-181-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download