66b723e4037dae30a4fc387207b5e411466db71a6cb8c19d8499157ee8b4f76e

Analysis

max time kernel
32s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 02:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Size

377KB
MD5

2ec1a494ca2a2b7c439569e6658e2f45
SHA1

a76e8784f250db262f23af4950828a963b300cd9
SHA256

66b723e4037dae30a4fc387207b5e411466db71a6cb8c19d8499157ee8b4f76e
SHA512

24a39ef195c4e22a62b9589d106bbb35cf16fe2666994586f02f59edbddec964de4cc160a3ed0f8f549da11ab16d5e5494d7c20c0b7109ce8a0585abe9c323d1
SSDEEP

6144:6kSAIWHYXqq+vxiCrrZxSlj0KwQWJxXs5MWeKXf10w1X8f5x10TK1+cRMXYrXg1W:eATHYZyxZrZSjFwf3s/Xf2wG0zVXIA/e

Score

8^/10

persistence privilege_escalation

Malware Config

Signatures

Adds policy Run key to start application 2 TTPs 14 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Explorer Options	idbvtczll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Explorer Options	aanrxzvmbu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Explorer Options	gjfkotqsmo.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run	idbvtczll.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run	aanrxzvmbu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run	gjfkotqsmo.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Explorer Options	upxdzzhl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Explorer Options	wnsydrv.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run	luxnfnqz.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Explorer Options	luxnfnqz.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run	spngkystwm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run	wnsydrv.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run	upxdzzhl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Explorer Options	spngkystwm.exe

Checks computer location settings 2 TTPs 64 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe

Executes dropped EXE 64 IoCs

pid	Process
4952	idbvtczll.exe
3844	aanrxzvmbu.exe
3284	luxnfnqz.exe
3324	gjfkotqsmo.exe
956	upxdzzhl.exe
4376	spngkystwm.exe
1496	wnsydrv.exe
1668	wnsydrv.exe
3940	ygtwvkya.exe
4424	wnsydrv.exe
3368	wnsydrv.exe
3228	wnsydrv.exe
1676	dhabhxeqhi.exe
4992	rwserdvj.exe
1528	pnihsbhrcg.exe
4844	wnsydrv.exe
3724	wnykdaspqv.exe
1152	uoonoon.exe
5032	soeapmyfn.exe
1596	dmqtukmgbfv.exe
3308	bnggfiho.exe
748	inwjgwsm.exe
2360	jltmwegnlop.exe
1664	oedpctzclao.exe
448	ufdyescah.exe
4836	nnpuioibxfc.exe
380	udfhtdtjwks.exe
3704	vlrazkhkt.exe
4028	gtndeivkqsy.exe
1072	ekdgpgqs.exe
4680	ospjvdetc.exe
688	jlawbswycz.exe
484	utwzgal.exe
2184	sjmcrowho.exe
4844	gyeusfn.exe
4636	ysekjiqoz.exe
2804	mxgntph.exe
4452	evikxldh.exe
408	pdumdjsiic.exe
644	kinjlor.exe
2892	turfzttwuj.exe
4176	eolsihok.exe
4472	zdtoqnnnfd.exe
3160	kbfrglb.exe
1688	xrxkhbigy.exe
4184	vdlgugl.exe
716	debjvfwa.exe
1408	wbegjrcaax.exe
3604	jhgiuij.exe
484	hdkvxnlptk.exe
956	sbgxnkz.exe
3380	ngouwqzsf.exe
2300	wdcqzvr.exe
4692	utstktmmr.exe
3276	zybqtpbffl.exe
224	mntiegs.exe
4592	isbpmbrbak.exe
3528	sanisjfbncy.exe
4168	ofvebffum.exe
1688	bvxhllwxilg.exe
1760	khbtpaoiv.exe
4852	iupqdfq.exe
3316	kdqgtjts.exe
1680	tqecxymnemj.exe

Adds Run key to start application 2 TTPs 7 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Java Virtual Machine = "wingtsv.exe"	idbvtczll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Java Virtual Machine = "wingtsv.exe"	aanrxzvmbu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Java Virtual Machine = "wingtsv.exe"	luxnfnqz.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Java Virtual Machine = "wingtsv.exe"	gjfkotqsmo.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Java Virtual Machine = "wingtsv.exe"	upxdzzhl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Java Virtual Machine = "wingtsv.exe"	spngkystwm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Java Virtual Machine = "wingtsv.exe"	wnsydrv.exe

Modifies WinLogon 2 TTPs 21 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\System Startup = "wingtsv.exe"	wnsydrv.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\System Startup = "wingtsv.exe"	idbvtczll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\System Startup = "wingtsv.exe"	luxnfnqz.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Windows startup = "explorer.exe wingtsv.exe"	gjfkotqsmo.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Windows startup = "explorer.exe wingtsv.exe"	upxdzzhl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Windows startup = "explorer.exe"	wnsydrv.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Windows startup = "explorer.exe"	idbvtczll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Windows startup = "explorer.exe wingtsv.exe"	idbvtczll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\System Startup = "wingtsv.exe"	aanrxzvmbu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Windows startup = "explorer.exe wingtsv.exe"	luxnfnqz.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Windows startup = "explorer.exe"	gjfkotqsmo.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Windows startup = "explorer.exe wingtsv.exe"	spngkystwm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\System Startup = "wingtsv.exe"	spngkystwm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Windows startup = "explorer.exe wingtsv.exe"	wnsydrv.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Windows startup = "explorer.exe"	upxdzzhl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\System Startup = "wingtsv.exe"	upxdzzhl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Windows startup = "explorer.exe"	spngkystwm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Windows startup = "explorer.exe"	aanrxzvmbu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Windows startup = "explorer.exe wingtsv.exe"	aanrxzvmbu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Windows startup = "explorer.exe"	luxnfnqz.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\System Startup = "wingtsv.exe"	gjfkotqsmo.exe

Drops file in System32 directory 52 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\wnsydrv.exe	luxnfnqz.exe
File opened for modification	C:\Windows\SysWOW64\wnsydrv.exe	upxdzzhl.exe
File opened for modification	C:\Windows\SysWOW64\wingtsv.exe	upxdzzhl.exe
File opened for modification	C:\Windows\SysWOW64\ntvdc.exe	idbvtczll.exe
File opened for modification	C:\Windows\SysWOW64\fsdutil.exe	idbvtczll.exe
File opened for modification	C:\Windows\SysWOW64\fsdutil.exe	spngkystwm.exe
File opened for modification	C:\Windows\SysWOW64\wingtsv.exe	idbvtczll.exe
File created	C:\Windows\SysWOW64\wingtsv.exe	luxnfnqz.exe
File opened for modification	C:\Windows\SysWOW64\fsdutil.exe	gjfkotqsmo.exe
File opened for modification	C:\Windows\SysWOW64\wnsydrv.exe	wnsydrv.exe
File opened for modification	C:\Windows\SysWOW64\wingtsv.exe	wnsydrv.exe
File opened for modification	C:\Windows\SysWOW64\wnsydrv.exe	luxnfnqz.exe
File created	C:\Windows\SysWOW64\fsdutil.exe	upxdzzhl.exe
File created	C:\Windows\SysWOW64\wingtsv.exe	aanrxzvmbu.exe
File created	C:\Windows\SysWOW64\fsdutil.exe	luxnfnqz.exe
File created	C:\Windows\SysWOW64\wingtsv.exe	spngkystwm.exe
File created	C:\Windows\SysWOW64\fsdutil.exe	spngkystwm.exe
File opened for modification	C:\Windows\SysWOW64\fsdutil.exe	aanrxzvmbu.exe
File opened for modification	C:\Windows\SysWOW64\wingtsv.exe	aanrxzvmbu.exe
File opened for modification	C:\Windows\SysWOW64\fsdutil.exe	luxnfnqz.exe
File created	C:\Windows\SysWOW64\ntvdc.exe	aanrxzvmbu.exe
File created	C:\Windows\SysWOW64\wnsydrv.exe	idbvtczll.exe
File opened for modification	C:\Windows\SysWOW64\wnsydrv.exe	gjfkotqsmo.exe
File created	C:\Windows\SysWOW64\wnsydrv.exe	gjfkotqsmo.exe
File opened for modification	C:\Windows\SysWOW64\wnsydrv.exe	spngkystwm.exe
File opened for modification	C:\Windows\SysWOW64\wingtsv.exe	spngkystwm.exe
File opened for modification	C:\Windows\SysWOW64\ntvdc.exe	wnsydrv.exe
File opened for modification	C:\Windows\SysWOW64\ntvdc.exe	aanrxzvmbu.exe
File created	C:\Windows\SysWOW64\ntvdc.exe	idbvtczll.exe
File created	C:\Windows\SysWOW64\fsdutil.exe	idbvtczll.exe
File created	C:\Windows\SysWOW64\wnsydrv.exe	aanrxzvmbu.exe
File opened for modification	C:\Windows\SysWOW64\wingtsv.exe	gjfkotqsmo.exe
File created	C:\Windows\SysWOW64\wnsydrv.exe	upxdzzhl.exe
File created	C:\Windows\SysWOW64\wingtsv.exe	upxdzzhl.exe
File created	C:\Windows\SysWOW64\ntvdc.exe	upxdzzhl.exe
File created	C:\Windows\SysWOW64\wingtsv.exe	idbvtczll.exe
File created	C:\Windows\SysWOW64\ntvdc.exe	wnsydrv.exe
File created	C:\Windows\SysWOW64\wingtsv.exe	gjfkotqsmo.exe
File opened for modification	C:\Windows\SysWOW64\ntvdc.exe	spngkystwm.exe
File created	C:\Windows\SysWOW64\ntvdc.exe	spngkystwm.exe
File created	C:\Windows\SysWOW64\wingtsv.exe	wnsydrv.exe
File created	C:\Windows\SysWOW64\fsdutil.exe	aanrxzvmbu.exe
File created	C:\Windows\SysWOW64\fsdutil.exe	gjfkotqsmo.exe
File opened for modification	C:\Windows\SysWOW64\fsdutil.exe	upxdzzhl.exe
File opened for modification	C:\Windows\SysWOW64\wnsydrv.exe	aanrxzvmbu.exe
File created	C:\Windows\SysWOW64\ntvdc.exe	gjfkotqsmo.exe
File opened for modification	C:\Windows\SysWOW64\ntvdc.exe	upxdzzhl.exe
File opened for modification	C:\Windows\SysWOW64\wingtsv.exe	luxnfnqz.exe
File opened for modification	C:\Windows\SysWOW64\ntvdc.exe	luxnfnqz.exe
File created	C:\Windows\SysWOW64\ntvdc.exe	luxnfnqz.exe
File opened for modification	C:\Windows\SysWOW64\ntvdc.exe	gjfkotqsmo.exe
File opened for modification	C:\Windows\SysWOW64\wnsydrv.exe	idbvtczll.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 1808	1996	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	83
PID 1996 wrote to memory of 1808	1996	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	83
PID 1996 wrote to memory of 1808	1996	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	83
PID 1996 wrote to memory of 4952	1996	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	84
PID 1996 wrote to memory of 4952	1996	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	84
PID 1996 wrote to memory of 4952	1996	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	84
PID 1808 wrote to memory of 1708	1808	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	85
PID 1808 wrote to memory of 1708	1808	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	85
PID 1808 wrote to memory of 1708	1808	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	85
PID 1808 wrote to memory of 3844	1808	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	86
PID 1808 wrote to memory of 3844	1808	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	86
PID 1808 wrote to memory of 3844	1808	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	86
PID 1708 wrote to memory of 3216	1708	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	87
PID 1708 wrote to memory of 3216	1708	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	87
PID 1708 wrote to memory of 3216	1708	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	87
PID 1708 wrote to memory of 3284	1708	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	88
PID 1708 wrote to memory of 3284	1708	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	88
PID 1708 wrote to memory of 3284	1708	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	88
PID 3216 wrote to memory of 2740	3216	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	89
PID 3216 wrote to memory of 2740	3216	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	89
PID 3216 wrote to memory of 2740	3216	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	89
PID 3216 wrote to memory of 3324	3216	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	90
PID 3216 wrote to memory of 3324	3216	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	90
PID 3216 wrote to memory of 3324	3216	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	90
PID 2740 wrote to memory of 2928	2740	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	91
PID 2740 wrote to memory of 2928	2740	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	91
PID 2740 wrote to memory of 2928	2740	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	91
PID 2740 wrote to memory of 956	2740	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	208
PID 2740 wrote to memory of 956	2740	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	208
PID 2740 wrote to memory of 956	2740	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	208
PID 2928 wrote to memory of 4644	2928	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	93
PID 2928 wrote to memory of 4644	2928	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	93
PID 2928 wrote to memory of 4644	2928	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	93
PID 2928 wrote to memory of 4376	2928	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	141
PID 2928 wrote to memory of 4376	2928	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	141
PID 2928 wrote to memory of 4376	2928	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	141
PID 4952 wrote to memory of 1496	4952	idbvtczll.exe	95
PID 4952 wrote to memory of 1496	4952	idbvtczll.exe	95
PID 4952 wrote to memory of 1496	4952	idbvtczll.exe	95
PID 4644 wrote to memory of 4056	4644	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	96
PID 4644 wrote to memory of 4056	4644	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	96
PID 4644 wrote to memory of 4056	4644	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	96
PID 3844 wrote to memory of 1668	3844	aanrxzvmbu.exe	246
PID 3844 wrote to memory of 1668	3844	aanrxzvmbu.exe	246
PID 3844 wrote to memory of 1668	3844	aanrxzvmbu.exe	246
PID 4644 wrote to memory of 3940	4644	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	98
PID 4644 wrote to memory of 3940	4644	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	98
PID 4644 wrote to memory of 3940	4644	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	98
PID 3284 wrote to memory of 4424	3284	luxnfnqz.exe	99
PID 3284 wrote to memory of 4424	3284	luxnfnqz.exe	99
PID 3284 wrote to memory of 4424	3284	luxnfnqz.exe	99
PID 3324 wrote to memory of 3368	3324	gjfkotqsmo.exe	100
PID 3324 wrote to memory of 3368	3324	gjfkotqsmo.exe	100
PID 3324 wrote to memory of 3368	3324	gjfkotqsmo.exe	100
PID 4056 wrote to memory of 744	4056	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	101
PID 4056 wrote to memory of 744	4056	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	101
PID 4056 wrote to memory of 744	4056	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	101
PID 4376 wrote to memory of 3228	4376	spngkystwm.exe	102
PID 4376 wrote to memory of 3228	4376	spngkystwm.exe	102
PID 4376 wrote to memory of 3228	4376	spngkystwm.exe	102
PID 4056 wrote to memory of 1676	4056	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	103
PID 4056 wrote to memory of 1676	4056	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	103
PID 4056 wrote to memory of 1676	4056	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	103
PID 744 wrote to memory of 4340	744	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	104

C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1808
- - C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
    3⤵
    - Checks computer location settings
    - Suspicious use of WriteProcessMemory
    PID:1708
  - - C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
      4⤵
      Checks computer location settings
      Suspicious use of WriteProcessMemory
      PID:3216
    - - C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        5⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:2740
      - C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        7⤵
        Suspicious use of WriteProcessMemory
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        8⤵
        Suspicious use of WriteProcessMemory
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        9⤵
        Suspicious use of WriteProcessMemory
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        10⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        11⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        12⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        13⤵
        Checks computer location settings
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        14⤵
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        15⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        16⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        17⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        18⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        19⤵
        Checks computer location settings
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        20⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        21⤵
        Checks computer location settings
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        22⤵
        Checks computer location settings
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        23⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        24⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        25⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        26⤵
        Checks computer location settings
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        27⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        28⤵
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        29⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        30⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        31⤵
        Checks computer location settings
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        32⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        33⤵
        Checks computer location settings
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        34⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        35⤵
        Checks computer location settings
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        36⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        37⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        38⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        39⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        40⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        41⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        42⤵
        Checks computer location settings
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        43⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        44⤵
        Checks computer location settings
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        45⤵
        Checks computer location settings
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        46⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        47⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        48⤵
        Checks computer location settings
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        49⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        50⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        51⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        52⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        53⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        54⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        55⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        56⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        57⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        58⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        59⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        60⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        61⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        62⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        63⤵
        Checks computer location settings
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        64⤵
        Checks computer location settings
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        65⤵
        Checks computer location settings
        
        PID:212
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        66⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        67⤵
        Checks computer location settings
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        68⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        69⤵
        Checks computer location settings
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        70⤵
        Checks computer location settings
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        71⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        72⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        73⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        74⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        75⤵
        Checks computer location settings
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        76⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        77⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        78⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        79⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        80⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        81⤵
        Checks computer location settings
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        82⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        83⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        84⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        85⤵
        
        PID:408
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        86⤵
        Checks computer location settings
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        87⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        88⤵
        Checks computer location settings
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        89⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        90⤵
        Checks computer location settings
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        91⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        92⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        93⤵
        Checks computer location settings
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        94⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        95⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        96⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        97⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        98⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        99⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        100⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        101⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        102⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        103⤵
        Checks computer location settings
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        104⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        105⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        106⤵
        Checks computer location settings
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        107⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        108⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        109⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        110⤵
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        111⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        112⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        113⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        114⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        115⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        116⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        117⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        118⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        119⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        120⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        121⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        122⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        123⤵
        Checks computer location settings
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        124⤵
        Checks computer location settings
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        125⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        126⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        127⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        128⤵
        Checks computer location settings
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        129⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        130⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        131⤵
        Checks computer location settings
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        132⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        133⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        134⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        135⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        136⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        137⤵
        Checks computer location settings
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        138⤵
        Checks computer location settings
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        139⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        140⤵
        Checks computer location settings
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        141⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        142⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        143⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        144⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        145⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        146⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        147⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        148⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        149⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        150⤵
        Checks computer location settings
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        151⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        152⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        153⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        154⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        155⤵
        Checks computer location settings
        
        PID:488
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        156⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        157⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        158⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        159⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        160⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        161⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        162⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        163⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        164⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        165⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        166⤵
        Checks computer location settings
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        167⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        168⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        169⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        170⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        171⤵
        Checks computer location settings
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        172⤵
        Checks computer location settings
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        173⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        174⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        175⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        176⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        177⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        178⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        179⤵
        Checks computer location settings
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        180⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        181⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        182⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        183⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        184⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        185⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        186⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        187⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        188⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        189⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        190⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        191⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        192⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        193⤵
        Checks computer location settings
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        194⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        195⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        196⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        197⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        198⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        199⤵
        
        PID:220
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        200⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        201⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        202⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        203⤵
        Checks computer location settings
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        204⤵
        Checks computer location settings
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        205⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        206⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        207⤵
        Checks computer location settings
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        208⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        209⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        210⤵
        Checks computer location settings
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        211⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        212⤵
        Checks computer location settings
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        213⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        214⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        215⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        216⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        217⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        218⤵
        Checks computer location settings
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        219⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        220⤵
        Checks computer location settings
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        221⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        222⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        223⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        224⤵
        Checks computer location settings
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        225⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        226⤵
        Checks computer location settings
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        227⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        228⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        229⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        230⤵
        Checks computer location settings
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        231⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        232⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        233⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        234⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        235⤵
        Checks computer location settings
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        236⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        237⤵
        Checks computer location settings
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        238⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        239⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        240⤵
        Checks computer location settings
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        241⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        242⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        243⤵
        Checks computer location settings
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        244⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        245⤵
        Checks computer location settings
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        246⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        247⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        248⤵
        Checks computer location settings
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        249⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        250⤵
        Checks computer location settings
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        251⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        252⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        253⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        254⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        255⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        256⤵
        Checks computer location settings
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        257⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        258⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        259⤵
        Checks computer location settings
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        260⤵
        Checks computer location settings
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        261⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        262⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        263⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        264⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        265⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        266⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        267⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        268⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        269⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        270⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        271⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        272⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        273⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        274⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        275⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        276⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        277⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        278⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        279⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        280⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        281⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        282⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        283⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        284⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        285⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        286⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        287⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        288⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        289⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        290⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        291⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        292⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        293⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        294⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        295⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        296⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        297⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        298⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        299⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        300⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        301⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        302⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        303⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        304⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        305⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        306⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        307⤵
        
        PID:8060
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        308⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        309⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        310⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        311⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        312⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        313⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        314⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        315⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        316⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        317⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        318⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        319⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        320⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        321⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        322⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        323⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        324⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        325⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        326⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        327⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        328⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        329⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        330⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        331⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        332⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        333⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        334⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        335⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        336⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        337⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        338⤵
        
        PID:8424
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        339⤵
        
        PID:8520
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        340⤵
        
        PID:8612
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        341⤵
        
        PID:8704
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        342⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        343⤵
        
        PID:8872
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        344⤵
        
        PID:8960
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        345⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        346⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        347⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        348⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        349⤵
        
        PID:8280
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        350⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        351⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        352⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        353⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        354⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        355⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        356⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        357⤵
        
        PID:9208
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        358⤵
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        359⤵
        
        PID:8548
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        360⤵
        
        PID:8596
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        361⤵
        
        PID:8640
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        362⤵
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        363⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        364⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        365⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        366⤵
        
        PID:384
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        367⤵
        
        PID:8536
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        368⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        369⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        370⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        371⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        372⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        373⤵
        
        PID:8500
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        374⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        375⤵
        
        PID:9156
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        376⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        377⤵
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        378⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        379⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        380⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        381⤵
        
        PID:8376
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        382⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        383⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        384⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        385⤵
        
        PID:8888
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        386⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        387⤵
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        388⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        389⤵
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        390⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        391⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        392⤵
        
        PID:8764
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        393⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        394⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        395⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        396⤵
        
        PID:9456
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        397⤵
        
        PID:9548
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        398⤵
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        399⤵
        
        PID:9728
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        400⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        401⤵
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        402⤵
        
        PID:9992
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        403⤵
        
        PID:10076
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        404⤵
        
        PID:10168
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        405⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        406⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        407⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        408⤵
        
        PID:9568
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        409⤵
        
        PID:9572
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        410⤵
        
        PID:9764
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        411⤵
        
        PID:9932
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        412⤵
        
        PID:9916
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        413⤵
        
        PID:10112
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        414⤵
        
        PID:10224
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        415⤵
        
        PID:9312
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        416⤵
        
        PID:9264
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        417⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        418⤵
        
        PID:9676
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        419⤵
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        420⤵
        
        PID:9960
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        421⤵
        
        PID:10212
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        422⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        423⤵
        
        PID:9524
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        424⤵
        
        PID:9396
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        425⤵
        
        PID:9660
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        426⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        427⤵
        
        PID:10140
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        428⤵
        
        PID:10220
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        429⤵
        
        PID:9384
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        430⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        431⤵
        
        PID:9940
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        432⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        433⤵
        
        PID:10132
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        434⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        435⤵
        
        PID:9920
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        436⤵
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        437⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        438⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        439⤵
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        440⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        441⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        442⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        443⤵
        
        PID:8792
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        444⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        445⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        446⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        447⤵
        
        PID:10036
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        448⤵
        
        PID:10288
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        449⤵
        
        PID:10384
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        450⤵
        
        PID:10472
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        451⤵
        
        PID:10556
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        452⤵
        
        PID:10648
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        453⤵
        
        PID:10748
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        454⤵
        
        PID:10836
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        455⤵
        
        PID:10936
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        456⤵
        
        PID:11028
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        457⤵
        
        PID:11112
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        458⤵
        
        PID:11204
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        459⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        460⤵
        
        PID:10272
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        461⤵
        
        PID:10420
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        462⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        463⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        464⤵
        
        PID:10808
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        465⤵
        
        PID:10888
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        466⤵
        
        PID:11048
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        467⤵
        
        PID:11092
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        468⤵
        
        PID:11236
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        469⤵
        
        PID:10316
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        470⤵
        
        PID:10292
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        471⤵
        
        PID:10544
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        472⤵
        
        PID:10476
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        473⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        474⤵
        
        PID:11072
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        475⤵
        
        PID:11128
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        476⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        477⤵
        
        PID:10412
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        478⤵
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        479⤵
        
        PID:10480
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        480⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        481⤵
        
        PID:11076
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        482⤵
        
        PID:11116
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        483⤵
        
        PID:10492
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        484⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        485⤵
        
        PID:10724
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        486⤵
        
        PID:11100
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        487⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        488⤵
        
        PID:10536
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        489⤵
        
        PID:10984
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        490⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        491⤵
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        492⤵
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        493⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        494⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        495⤵
        
        PID:11240
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        496⤵
        
        PID:10496
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        497⤵
        
        PID:11052
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        498⤵
        
        PID:10572
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        499⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        500⤵
        
        PID:10460
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        501⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        502⤵
        
        PID:11336
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        503⤵
        
        PID:11444
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        504⤵
        
        PID:11532
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        505⤵
        
        PID:11620
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        506⤵
        
        PID:11696
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        507⤵
        
        PID:11788
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        508⤵
        
        PID:11868
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        509⤵
        
        PID:11952
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        510⤵
        
        PID:12040
        
        C:\Users\Admin\AppData\Local\Temp\zqzujrq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zqzujrq.exe"
        509⤵
        
        PID:11980
        
        C:\Users\Admin\AppData\Local\Temp\xixyfuu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\xixyfuu.exe"
        508⤵
        
        PID:11904
        
        C:\Users\Admin\AppData\Local\Temp\tdffuodk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\tdffuodk.exe"
        507⤵
        
        PID:11816
        
        C:\Users\Admin\AppData\Local\Temp\lcpsups.exe
        
        "C:\Users\Admin\AppData\Local\Temp\lcpsups.exe"
        506⤵
        
        PID:11736
        
        C:\Users\Admin\AppData\Local\Temp\lvtzeidlbc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\lvtzeidlbc.exe"
        505⤵
        
        PID:11656
        
        C:\Users\Admin\AppData\Local\Temp\sxrsavxa.exe
        
        "C:\Users\Admin\AppData\Local\Temp\sxrsavxa.exe"
        504⤵
        
        PID:11568
        
        C:\Users\Admin\AppData\Local\Temp\cwrjxmucfgv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cwrjxmucfgv.exe"
        503⤵
        
        PID:11480
        
        C:\Users\Admin\AppData\Local\Temp\cyokjbdtq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cyokjbdtq.exe"
        502⤵
        
        PID:11368
        
        C:\Users\Admin\AppData\Local\Temp\emknvxlydok.exe
        
        "C:\Users\Admin\AppData\Local\Temp\emknvxlydok.exe"
        501⤵
        
        PID:11280
        
        C:\Users\Admin\AppData\Local\Temp\tsqbmipk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\tsqbmipk.exe"
        500⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\nnifedqrsef.exe
        
        "C:\Users\Admin\AppData\Local\Temp\nnifedqrsef.exe"
        499⤵
        
        PID:10764
        
        C:\Users\Admin\AppData\Local\Temp\kxqctwzz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\kxqctwzz.exe"
        498⤵
        
        PID:10304
        
        C:\Users\Admin\AppData\Local\Temp\egkwhjtizr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\egkwhjtizr.exe"
        497⤵
        
        PID:10500
        
        C:\Users\Admin\AppData\Local\Temp\tyxtccfi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\tyxtccfi.exe"
        496⤵
        
        PID:10760
        
        C:\Users\Admin\AppData\Local\Temp\vmjhoxnwpi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\vmjhoxnwpi.exe"
        495⤵
        
        PID:11212
        
        C:\Users\Admin\AppData\Local\Temp\nzvkaikb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\nzvkaikb.exe"
        494⤵
        
        PID:10572
        
        C:\Users\Admin\AppData\Local\Temp\crjivlwbezu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\crjivlwbezu.exe"
        493⤵
        
        PID:10600
        
        C:\Users\Admin\AppData\Local\Temp\efvvhgef.exe
        
        "C:\Users\Admin\AppData\Local\Temp\efvvhgef.exe"
        492⤵
        
        PID:11036
        
        C:\Users\Admin\AppData\Local\Temp\wthzdrcutpq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\wthzdrcutpq.exe"
        491⤵
        
        PID:11052
        
        C:\Users\Admin\AppData\Local\Temp\ygddqmky.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ygddqmky.exe"
        490⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\sfwxezesju.exe
        
        "C:\Users\Admin\AppData\Local\Temp\sfwxezesju.exe"
        489⤵
        
        PID:10676
        
        C:\Users\Admin\AppData\Local\Temp\naoavtepk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\naoavtepk.exe"
        488⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\eccufyvryk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\eccufyvryk.exe"
        487⤵
        
        PID:11248
        
        C:\Users\Admin\AppData\Local\Temp\jxuywcgn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\jxuywcgn.exe"
        486⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\bkqcinecmtg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bkqcinecmtg.exe"
        485⤵
        
        PID:11084
        
        C:\Users\Admin\AppData\Local\Temp\qcuzdpqcp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\qcuzdpqcp.exe"
        484⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\ubntrdjlcj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ubntrdjlcj.exe"
        483⤵
        
        PID:10520
        
        C:\Users\Admin\AppData\Local\Temp\hwvqhmct.exe
        
        "C:\Users\Admin\AppData\Local\Temp\hwvqhmct.exe"
        482⤵
        
        PID:11240
        
        C:\Users\Admin\AppData\Local\Temp\zjhedhaxswd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zjhedhaxswd.exe"
        481⤵
        
        PID:10948
        
        C:\Users\Admin\AppData\Local\Temp\bjrbsjpzu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bjrbsjpzu.exe"
        480⤵
        
        PID:10964
        
        C:\Users\Admin\AppData\Local\Temp\vejujnq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\vejujnq.exe"
        479⤵
        
        PID:10952
        
        C:\Users\Admin\AppData\Local\Temp\vwxbegcwim.exe
        
        "C:\Users\Admin\AppData\Local\Temp\vwxbegcwim.exe"
        478⤵
        
        PID:10796
        
        C:\Users\Admin\AppData\Local\Temp\prpfvkcc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\prpfvkcc.exe"
        477⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\lpythnew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\lpythnew.exe"
        476⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\jwodbjb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\jwodbjb.exe"
        475⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\ycerilgvo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ycerilgvo.exe"
        474⤵
        
        PID:10972
        
        C:\Users\Admin\AppData\Local\Temp\pqqufgezrma.exe
        
        "C:\Users\Admin\AppData\Local\Temp\pqqufgezrma.exe"
        473⤵
        
        PID:10896
        
        C:\Users\Admin\AppData\Local\Temp\owgimsj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\owgimsj.exe"
        472⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\mmgsfffygst.exe
        
        "C:\Users\Admin\AppData\Local\Temp\mmgsfffygst.exe"
        471⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\bejpahrxt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bejpahrxt.exe"
        470⤵
        
        PID:10364
        
        C:\Users\Admin\AppData\Local\Temp\yzlqgnxwghd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\yzlqgnxwghd.exe"
        469⤵
        
        PID:10264
        
        C:\Users\Admin\AppData\Local\Temp\xrznagjw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\xrznagjw.exe"
        468⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\jlhuqzcdmw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\jlhuqzcdmw.exe"
        467⤵
        
        PID:11212
        
        C:\Users\Admin\AppData\Local\Temp\rsxejwof.exe
        
        "C:\Users\Admin\AppData\Local\Temp\rsxejwof.exe"
        466⤵
        
        PID:11012
        
        C:\Users\Admin\AppData\Local\Temp\dmfbyfhmcm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dmfbyfhmcm.exe"
        465⤵
        
        PID:10980
        
        C:\Users\Admin\AppData\Local\Temp\xlyvntb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\xlyvntb.exe"
        464⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\xdmthvnfrc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\xdmthvnfrc.exe"
        463⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\wfkjilw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\wfkjilw.exe"
        462⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\iouhfdxq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\iouhfdxq.exe"
        461⤵
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\dnyrjrravlb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dnyrjrravlb.exe"
        460⤵
        
        PID:10396
        
        C:\Users\Admin\AppData\Local\Temp\vbkfgmzpy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\vbkfgmzpy.exe"
        459⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\thzixxebm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\thzixxebm.exe"
        458⤵
        
        PID:11240
        
        C:\Users\Admin\AppData\Local\Temp\poffrimlmn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\poffrimlmn.exe"
        457⤵
        
        PID:11164
        
        C:\Users\Admin\AppData\Local\Temp\tjxjidm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\tjxjidm.exe"
        456⤵
        
        PID:11060
        
        C:\Users\Admin\AppData\Local\Temp\jblgtfysagq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\jblgtfysagq.exe"
        455⤵
        
        PID:10972
        
        C:\Users\Admin\AppData\Local\Temp\hhrukrdeelp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\hhrukrdeelp.exe"
        454⤵
        
        PID:10864
        
        C:\Users\Admin\AppData\Local\Temp\xjfrfkpequ.exe
        
        "C:\Users\Admin\AppData\Local\Temp\xjfrfkpequ.exe"
        453⤵
        
        PID:10784
        
        C:\Users\Admin\AppData\Local\Temp\upfbogmq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\upfbogmq.exe"
        452⤵
        
        PID:10688
        
        C:\Users\Admin\AppData\Local\Temp\wdqfkbkufm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\wdqfkbkufm.exe"
        451⤵
        
        PID:10592
        
        C:\Users\Admin\AppData\Local\Temp\lvumeuwu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\lvumeuwu.exe"
        450⤵
        
        PID:10508
        
        C:\Users\Admin\AppData\Local\Temp\nuezugkwjhu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\nuezugkwjhu.exe"
        449⤵
        
        PID:10420
        
        C:\Users\Admin\AppData\Local\Temp\feowjhpnut.exe
        
        "C:\Users\Admin\AppData\Local\Temp\feowjhpnut.exe"
        448⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\cowdiby.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cowdiby.exe"
        447⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\zfwnsnvhjj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zfwnsnvhjj.exe"
        446⤵
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\teqxgbp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\teqxgbp.exe"
        445⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\qoyevuiyq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\qoyevuiyq.exe"
        444⤵
        
        PID:9896
        
        C:\Users\Admin\AppData\Local\Temp\icjisff.exe
        
        "C:\Users\Admin\AppData\Local\Temp\icjisff.exe"
        443⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\zqfweanrg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zqfweanrg.exe"
        442⤵
        
        PID:9404
        
        C:\Users\Admin\AppData\Local\Temp\elxzvfo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\elxzvfo.exe"
        441⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\wkhmkgtqsil.exe
        
        "C:\Users\Admin\AppData\Local\Temp\wkhmkgtqsil.exe"
        440⤵
        
        PID:9440
        
        C:\Users\Admin\AppData\Local\Temp\tffukamn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\tffukamn.exe"
        439⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\qhdxwdg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\qhdxwdg.exe"
        438⤵
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\qzruqgrmjl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\qzruqgrmjl.exe"
        437⤵
        
        PID:9140
        
        C:\Users\Admin\AppData\Local\Temp\frurlydl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\frurlydl.exe"
        436⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\kmmvccesxpm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\kmmvccesxpm.exe"
        435⤵
        
        PID:9976
        
        C:\Users\Admin\AppData\Local\Temp\zeqswvqsa.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zeqswvqsa.exe"
        434⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\okggehveocn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\okggehveocn.exe"
        433⤵
        
        PID:9744
        
        C:\Users\Admin\AppData\Local\Temp\qysjacdj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\qysjacdj.exe"
        432⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\khmeofwcdi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\khmeofwcdi.exe"
        431⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\zncrwrb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zncrwrb.exe"
        430⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\eitlnvcmty.exe
        
        "C:\Users\Admin\AppData\Local\Temp\eitlnvcmty.exe"
        429⤵
        
        PID:9644
        
        C:\Users\Admin\AppData\Local\Temp\vlfyjga.exe
        
        "C:\Users\Admin\AppData\Local\Temp\vlfyjga.exe"
        428⤵
        
        PID:9340
        
        C:\Users\Admin\AppData\Local\Temp\qgxcrlbxhrg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\qgxcrlbxhrg.exe"
        427⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\sutgnwjm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\sutgnwjm.exe"
        426⤵
        
        PID:9876
        
        C:\Users\Admin\AppData\Local\Temp\eprncprjye.exe
        
        "C:\Users\Admin\AppData\Local\Temp\eprncprjye.exe"
        425⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\jajqutsq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\jajqutsq.exe"
        424⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\evaulnt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\evaulnt.exe"
        423⤵
        
        PID:9484
        
        C:\Users\Admin\AppData\Local\Temp\qpirahmuo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\qpirahmuo.exe"
        422⤵
        
        PID:9320
        
        C:\Users\Admin\AppData\Local\Temp\phwouzyurpy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\phwouzyurpy.exe"
        421⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\kcesmezbda.exe
        
        "C:\Users\Admin\AppData\Local\Temp\kcesmezbda.exe"
        420⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\mqafyzw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\mqafyzw.exe"
        419⤵
        
        PID:9920
        
        C:\Users\Admin\AppData\Local\Temp\biedsrifir.exe
        
        "C:\Users\Admin\AppData\Local\Temp\biedsrifir.exe"
        418⤵
        
        PID:9660
        
        C:\Users\Admin\AppData\Local\Temp\gdwgkvjm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\gdwgkvjm.exe"
        417⤵
        
        PID:9744
        
        C:\Users\Admin\AppData\Local\Temp\vjmubxoyxh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\vjmubxoyxh.exe"
        416⤵
        
        PID:9484
        
        C:\Users\Admin\AppData\Local\Temp\nwxynswd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\nwxynswd.exe"
        415⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\uzvbkwackde.exe
        
        "C:\Users\Admin\AppData\Local\Temp\uzvbkwackde.exe"
        414⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\jrzyeylbx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\jrzyeylbx.exe"
        413⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\defzfvyibf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\defzfvyibf.exe"
        412⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\apdgfoh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\apdgfoh.exe"
        411⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\xrbzrslopjg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\xrbzrslopjg.exe"
        410⤵
        
        PID:9848
        
        C:\Users\Admin\AppData\Local\Temp\jqkndun.exe
        
        "C:\Users\Admin\AppData\Local\Temp\jqkndun.exe"
        409⤵
        
        PID:9676
        
        C:\Users\Admin\AppData\Local\Temp\hgkxxrjkgli.exe
        
        "C:\Users\Admin\AppData\Local\Temp\hgkxxrjkgli.exe"
        408⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\iyysgvamuqu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\iyysgvamuqu.exe"
        407⤵
        
        PID:9484
        
        C:\Users\Admin\AppData\Local\Temp\aluftgiqx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aluftgiqx.exe"
        406⤵
        
        PID:9380
        
        C:\Users\Admin\AppData\Local\Temp\pratksndltj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\pratksndltj.exe"
        405⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\umsmbwokm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\umsmbwokm.exe"
        404⤵
        
        PID:10204
        
        C:\Users\Admin\AppData\Local\Temp\jefuwpa.exe
        
        "C:\Users\Admin\AppData\Local\Temp\jefuwpa.exe"
        403⤵
        
        PID:10112
        
        C:\Users\Admin\AppData\Local\Temp\ozxxntagay.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ozxxntagay.exe"
        402⤵
        
        PID:10020
        
        C:\Users\Admin\AppData\Local\Temp\auvuccj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\auvuccj.exe"
        401⤵
        
        PID:9940
        
        C:\Users\Admin\AppData\Local\Temp\vfnythkupyo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\vfnythkupyo.exe"
        400⤵
        
        PID:9856
        
        C:\Users\Admin\AppData\Local\Temp\zafblblr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zafblblr.exe"
        399⤵
        
        PID:9764
        
        C:\Users\Admin\AppData\Local\Temp\rnbfxwtwehb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\rnbfxwtwehb.exe"
        398⤵
        
        PID:9676
        
        C:\Users\Admin\AppData\Local\Temp\qffmrzff.exe
        
        "C:\Users\Admin\AppData\Local\Temp\qffmrzff.exe"
        397⤵
        
        PID:9584
        
        C:\Users\Admin\AppData\Local\Temp\itqqekckjit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\itqqekckjit.exe"
        396⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\yvenymokwr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\yvenymokwr.exe"
        395⤵
        
        PID:9408
        
        C:\Users\Admin\AppData\Local\Temp\xniksfa.exe
        
        "C:\Users\Admin\AppData\Local\Temp\xniksfa.exe"
        394⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\upgooseiind.exe
        
        "C:\Users\Admin\AppData\Local\Temp\upgooseiind.exe"
        393⤵
        
        PID:9228
        
        C:\Users\Admin\AppData\Local\Temp\uhkljlqil.exe
        
        "C:\Users\Admin\AppData\Local\Temp\uhkljlqil.exe"
        392⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\mvwyvgo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\mvwyvgo.exe"
        391⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\lnkwpyamb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\lnkwpyamb.exe"
        390⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\apotkbl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\apotkbl.exe"
        389⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\cpyqzdanfr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cpyqzdanfr.exe"
        388⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\shlntfmnh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\shlntfmnh.exe"
        387⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\zjzgfjg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zjzgfjg.exe"
        386⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\obnoalscux.exe
        
        "C:\Users\Admin\AppData\Local\Temp\obnoalscux.exe"
        385⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\rlxbznhef.exe
        
        "C:\Users\Admin\AppData\Local\Temp\rlxbznhef.exe"
        384⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\dvfiogqljyn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dvfiogqljyn.exe"
        383⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\fvpfdiedl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fvpfdiedl.exe"
        382⤵
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\nxdyzvyc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\nxdyzvyc.exe"
        381⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\xwdzxmvuzot.exe
        
        "C:\Users\Admin\AppData\Local\Temp\xwdzxmvuzot.exe"
        380⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\ezatjqztz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ezatjqztz.exe"
        379⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\treqdsl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\treqdsl.exe"
        378⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\tjsxylxsot.exe
        
        "C:\Users\Admin\AppData\Local\Temp\tjsxylxsot.exe"
        377⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\nekappyz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\nekappyz.exe"
        376⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\ckqewbcmej.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ckqewbcmej.exe"
        375⤵
        
        PID:8992
        
        C:\Users\Admin\AppData\Local\Temp\hfiinvdj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\hfiinvdj.exe"
        374⤵
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\tqqpnomqta.exe
        
        "C:\Users\Admin\AppData\Local\Temp\tqqpnomqta.exe"
        373⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\wzamcqbiv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\wzamcqbiv.exe"
        372⤵
        
        PID:8308
        
        C:\Users\Admin\AppData\Local\Temp\trxfyefh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\trxfyefh.exe"
        371⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\qmfnonoojp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\qmfnonoojp.exe"
        370⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\impkdzdgk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\impkdzdgk.exe"
        369⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\klzxcah.exe
        
        "C:\Users\Admin\AppData\Local\Temp\klzxcah.exe"
        368⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\fgratfifxyb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fgratfifxyb.exe"
        367⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\eyvxexue.exe
        
        "C:\Users\Admin\AppData\Local\Temp\eyvxexue.exe"
        366⤵
        
        PID:8308
        
        C:\Users\Admin\AppData\Local\Temp\tajfyageczg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\tajfyageczg.exe"
        365⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\tsncsssdp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\tsncsssdp.exe"
        364⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\nnffjwt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\nnffjwt.exe"
        363⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\siwjbrurce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\siwjbrurce.exe"
        362⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\kwimnmbw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\kwimnmbw.exe"
        361⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\elinknyois.exe
        
        "C:\Users\Admin\AppData\Local\Temp\elinknyois.exe"
        360⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\bnghgqsns.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bnghgqsns.exe"
        359⤵
        
        PID:8500
        
        C:\Users\Admin\AppData\Local\Temp\qtmuocxawld.exe
        
        "C:\Users\Admin\AppData\Local\Temp\qtmuocxawld.exe"
        358⤵
        
        PID:384
        
        C:\Users\Admin\AppData\Local\Temp\plasiujz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\plasiujz.exe"
        357⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\noyveiny.exe
        
        "C:\Users\Admin\AppData\Local\Temp\noyveiny.exe"
        356⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\mqbszazymr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\mqbszazymr.exe"
        355⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\etnwlvwn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\etnwlvwn.exe"
        354⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\dwbtfoimbs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dwbtfoimbs.exe"
        353⤵
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\tofaaqume.exe
        
        "C:\Users\Admin\AppData\Local\Temp\tofaaqume.exe"
        352⤵
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\xjxurlvjplu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\xjxurlvjplu.exe"
        351⤵
        
        PID:8596
        
        C:\Users\Admin\AppData\Local\Temp\nbbbbnhisu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\nbbbbnhisu.exe"
        350⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\rwtesii.exe
        
        "C:\Users\Admin\AppData\Local\Temp\rwtesii.exe"
        349⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\hohbnkupgow.exe
        
        "C:\Users\Admin\AppData\Local\Temp\hohbnkupgow.exe"
        348⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\gqlzhnfo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\gqlzhnfo.exe"
        347⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\apetvqziwe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\apetvqziwe.exe"
        346⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\qrsqqtlhy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\qrsqqtlhy.exe"
        345⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\xjqjcwp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\xjqjcwp.exe"
        344⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\pxcxyrnllj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\pxcxyrnllj.exe"
        343⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\hkobkmuq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\hkobkmuq.exe"
        342⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\bjoridrsch.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bjoridrsch.exe"
        341⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\sxafuyp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\sxafuyp.exe"
        340⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\azxyqbtwpth.exe
        
        "C:\Users\Admin\AppData\Local\Temp\azxyqbtwpth.exe"
        339⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\mkfggvcd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\mkfggvcd.exe"
        338⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\rfxjxpdauuz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\rfxjxpdauuz.exe"
        337⤵
        
        PID:8376
        
        C:\Users\Admin\AppData\Local\Temp\mapnotohff.exe
        
        "C:\Users\Admin\AppData\Local\Temp\mapnotohff.exe"
        336⤵
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\ilnkedwejki.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ilnkedwejki.exe"
        335⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\ayjyqyutw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ayjyqyutw.exe"
        334⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\pqnvkag.exe
        
        "C:\Users\Admin\AppData\Local\Temp\pqnvkag.exe"
        333⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\xtkygekszpp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\xtkygekszpp.exe"
        332⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\mzqcoppe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\mzqcoppe.exe"
        331⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\oyaznrewogx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\oyaznrewogx.exe"
        330⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\deqnedii.exe
        
        "C:\Users\Admin\AppData\Local\Temp\deqnedii.exe"
        329⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\yziqwhj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\yziqwhj.exe"
        328⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\xfyedjob.exe
        
        "C:\Users\Admin\AppData\Local\Temp\xfyedjob.exe"
        327⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\pfircvt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\pfircvt.exe"
        326⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\ohmyxnftw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ohmyxnftw.exe"
        325⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\jcdcesga.exe
        
        "C:\Users\Admin\AppData\Local\Temp\jcdcesga.exe"
        324⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\lfzfadoeko.exe
        
        "C:\Users\Admin\AppData\Local\Temp\lfzfadoeko.exe"
        323⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\ctljnyl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ctljnyl.exe"
        322⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\svpghaxizfj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\svpghaxizfj.exe"
        321⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\uvzdwcmkb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\uvzdwcmkb.exe"
        320⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\wujaver.exe
        
        "C:\Users\Admin\AppData\Local\Temp\wujaver.exe"
        319⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\rpbemisjnyj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\rpbemisjnyj.exe"
        318⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\ghobhkejq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ghobhkejq.exe"
        317⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\lcgeyfe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\lcgeyfe.exe"
        316⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\cqsikamue.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cqsikamue.exe"
        315⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\wpsjirjmifx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\wpsjirjmifx.exe"
        314⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\rkkmzvktur.exe
        
        "C:\Users\Admin\AppData\Local\Temp\rkkmzvktur.exe"
        313⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\qcokjnw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\qcokjnw.exe"
        312⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\oemnfbq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\oemnfbq.exe"
        311⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\kpukvkjp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\kpukvkjp.exe"
        310⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\aryhpnv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aryhpnv.exe"
        309⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\ecplghvwy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecplghvwy.exe"
        308⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\wlziwtao.exe
        
        "C:\Users\Admin\AppData\Local\Temp\wlziwtao.exe"
        307⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\wdnfqlmncri.exe
        
        "C:\Users\Admin\AppData\Local\Temp\wdnfqlmncri.exe"
        306⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\lvrckoynp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\lvrckoynp.exe"
        305⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\njdqwzgbssq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\njdqwzgbssq.exe"
        304⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\kzdaqwtnd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\kzdaqwtnd.exe"
        303⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\zrrxkye.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zrrxkye.exe"
        302⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\zkuuerqmjt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zkuuerqmjt.exe"
        301⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\qxgirmy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\qxgirmy.exe"
        300⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\txqvgndjxnf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\txqvgndjxnf.exe"
        299⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\izecaqpiz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\izecaqpiz.exe"
        298⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\camjjwvcp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\camjjwvcp.exe"
        297⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\tdyxvrcgcut.exe
        
        "C:\Users\Admin\AppData\Local\Temp\tdyxvrcgcut.exe"
        296⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\yypbmldnd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\yypbmldnd.exe"
        295⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\natyhop.exe
        
        "C:\Users\Admin\AppData\Local\Temp\natyhop.exe"
        294⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\pofbtznrs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\pofbtznrs.exe"
        293⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\ngdfpmrrc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ngdfpmrrc.exe"
        292⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\zblcfwkygpi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zblcfwkygpi.exe"
        291⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\ewdgwakvi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ewdgwakvi.exe"
        290⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\qglnlttcwgr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\qglnlttcwgr.exe"
        289⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\sgvkkviux.exe
        
        "C:\Users\Admin\AppData\Local\Temp\sgvkkviux.exe"
        288⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\qwuuusvg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\qwuuusvg.exe"
        287⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\poyrokhgll.exe
        
        "C:\Users\Admin\AppData\Local\Temp\poyrokhgll.exe"
        286⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\evofgwm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\evofgwm.exe"
        285⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\wuycvyaubmg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\wuycvyaubmg.exe"
        284⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\yikfrtyy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\yikfrtyy.exe"
        283⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\qhudgun.exe
        
        "C:\Users\Admin\AppData\Local\Temp\qhudgun.exe"
        282⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\pjiabxzqr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\pjiabxzqr.exe"
        281⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\ncvtnbtps.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ncvtnbtps.exe"
        280⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\pphhjwbeekc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\pphhjwbeekc.exe"
        279⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\ervedyndh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ervedyndh.exe"
        278⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\djzborydkbh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\djzborydkbh.exe"
        277⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\spppfcdp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\spppfcdp.exe"
        276⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\nkhswxe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\nkhswxe.exe"
        275⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\pkrplijokd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\pkrplijokd.exe"
        274⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\ocvngbv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ocvngbv.exe"
        273⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\jxmqxfwkphm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\jxmqxfwkphm.exe"
        272⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\yzanryikb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\yzanryikb.exe"
        271⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\yrekmat.exe
        
        "C:\Users\Admin\AppData\Local\Temp\yrekmat.exe"
        270⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\smwodvuqfj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\smwodvuqfj.exe"
        269⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\ulglsgji.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ulglsgji.exe"
        268⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\hwosrqspvlt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\hwosrqspvlt.exe"
        267⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\oymmedwpv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\oymmedwpv.exe"
        266⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\btkttwf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\btkttwf.exe"
        265⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\ilhmpaivjt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ilhmpaivjt.exe"
        264⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\aztabvga.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aztabvga.exe"
        263⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\xubxrezhag.exe
        
        "C:\Users\Admin\AppData\Local\Temp\xubxrezhag.exe"
        262⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\mmpulhlg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\mmpulhlg.exe"
        261⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\todyhkfgmdp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\todyhkfgmdp.exe"
        260⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\gzlfxdydq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\gzlfxdydq.exe"
        259⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\nbjzthc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\nbjzthc.exe"
        258⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\dtnwdjncdfr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dtnwdjncdfr.exe"
        257⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\cvqtxcpb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cvqtxcpb.exe"
        256⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\xgiwpga.exe
        
        "C:\Users\Admin\AppData\Local\Temp\xgiwpga.exe"
        255⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\jbqeeqjpv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\jbqeeqjpv.exe"
        254⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\laabdbo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\laabdbo.exe"
        253⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\gvsevwzeilj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\gvsevwzeilj.exe"
        252⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\cgabkpi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cgabkpi.exe"
        251⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\aiyfgsl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aiyfgsl.exe"
        250⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\wtwcvmus.exe
        
        "C:\Users\Admin\AppData\Local\Temp\wtwcvmus.exe"
        249⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\rongnqv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\rongnqv.exe"
        248⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\qqbnhihoo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\qqbnhihoo.exe"
        247⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\iunqtdp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\iunqtdp.exe"
        246⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\kdxojfuvsi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\kdxojfuvsi.exe"
        245⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\avlldiguf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\avlldiguf.exe"
        244⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\hyzezlj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\hyzezlj.exe"
        243⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\xqnltovtiom.exe
        
        "C:\Users\Admin\AppData\Local\Temp\xqnltovtiom.exe"
        242⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\wirieght.exe
        
        "C:\Users\Admin\AppData\Local\Temp\wirieght.exe"
        241⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\lkvgyjtsxph.exe
        
        "C:\Users\Admin\AppData\Local\Temp\lkvgyjtsxph.exe"
        240⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\qfmjpduzi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\qfmjpduzi.exe"
        239⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\fxagjgg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fxagjgg.exe"
        238⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\epedeysyo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\epedeysyo.exe"
        237⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\crchqmlyy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\crchqmlyy.exe"
        236⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\ockopvevclj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ockopvevclj.exe"
        235⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\wsayzsrhn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\wsayzsrhn.exe"
        234⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\nkxsiwsirq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\nkxsiwsirq.exe"
        233⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\htrcwkm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\htrcwkm.exe"
        232⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\xlfarcxrhgl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\xlfarcxrhgl.exe"
        231⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\tgdhgvg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\tgdhgvg.exe"
        230⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\rybaczk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\rybaczk.exe"
        229⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\slnopuid.exe
        
        "C:\Users\Admin\AppData\Local\Temp\slnopuid.exe"
        228⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\kzjslpqrkqh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\kzjslpqrkqh.exe"
        227⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\cnufxaown.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cnufxaown.exe"
        226⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\eagjkvvaagn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\eagjkvvaagn.exe"
        225⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\tgwxbhan.exe
        
        "C:\Users\Admin\AppData\Local\Temp\tgwxbhan.exe"
        224⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\ntsxnents.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ntsxnents.exe"
        223⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\ezsytrxxh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ezsytrxxh.exe"
        222⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\bdtzaxmwusk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bdtzaxmwusk.exe"
        221⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\nobgzqvd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\nobgzqvd.exe"
        220⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\kubqidspzig.exe
        
        "C:\Users\Admin\AppData\Local\Temp\kubqidspzig.exe"
        219⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\kwfndgepm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\kwfndgepm.exe"
        218⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\zojkxyq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zojkxyq.exe"
        217⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\bcfyjtytc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bcfyjtytc.exe"
        216⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\vxxbbny.exe
        
        "C:\Users\Admin\AppData\Local\Temp\vxxbbny.exe"
        215⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\qwqlpbskqa.exe
        
        "C:\Users\Admin\AppData\Local\Temp\qwqlpbskqa.exe"
        214⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\mvazceuevc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\mvazceuevc.exe"
        213⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\eimnozcs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\eimnozcs.exe"
        212⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\ydeqftdpjvw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ydeqftdpjvw.exe"
        211⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\arquboau.exe
        
        "C:\Users\Admin\AppData\Local\Temp\arquboau.exe"
        210⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\semyojijzls.exe
        
        "C:\Users\Admin\AppData\Local\Temp\semyojijzls.exe"
        209⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\nzdbfdjfaw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\nzdbfdjfaw.exe"
        208⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\mfjpwposorx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\mfjpwposorx.exe"
        207⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\gabtojpzp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\gabtojpzp.exe"
        206⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\vktnsomyfd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\vktnsomyfd.exe"
        205⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\aflqkjnf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aflqkjnf.exe"
        204⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\rtxegeljtx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\rtxegeljtx.exe"
        203⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\dsgssgxdyyu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dsgssgxdyyu.exe"
        202⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\vfcwfrvil.exe
        
        "C:\Users\Admin\AppData\Local\Temp\vfcwfrvil.exe"
        201⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\xtojrmdnoeq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\xtojrmdnoeq.exe"
        200⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\unqaisil.exe
        
        "C:\Users\Admin\AppData\Local\Temp\unqaisil.exe"
        199⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\oamktpvsp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\oamktpvsp.exe"
        198⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\dgbobbaetkf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dgbobbaetkf.exe"
        197⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\fglladpwe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fglladpwe.exe"
        196⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\zpffoqiqhts.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zpffoqiqhts.exe"
        195⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\rcbjalgut.exe
        
        "C:\Users\Admin\AppData\Local\Temp\rcbjalgut.exe"
        194⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\jqnnnwo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\jqnnnwo.exe"
        193⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\favumpxg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\favumpxg.exe"
        192⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\avnxdky.exe
        
        "C:\Users\Admin\AppData\Local\Temp\avnxdky.exe"
        191⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\snasnoyfa.exe
        
        "C:\Users\Admin\AppData\Local\Temp\snasnoyfa.exe"
        190⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\tawvzjwtcm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\tawvzjwtcm.exe"
        189⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\ovezrdhqo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ovezrdhqo.exe"
        188⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\kqmggxqxsd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\kqmggxqxsd.exe"
        187⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\cuikcsoc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cuikcsoc.exe"
        186⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\awwnovsb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\awwnovsb.exe"
        185⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\ckhrlqzqhh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ckhrlqzqhh.exe"
        184⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\ujboaseit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ujboaseit.exe"
        183⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\tlfluuqhvcn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\tlfluuqhvcn.exe"
        182⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\fwnskejo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fwnskejo.exe"
        181⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\hjzwwzhtmp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\hjzwwzhtmp.exe"
        180⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\cerzndian.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cerzndian.exe"
        179⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\rwvwivu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\rwvwivu.exe"
        178⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\ljaxtsgw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ljaxtsgw.exe"
        177⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\qesbkwhdpyk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\qesbkwhdpyk.exe"
        176⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\knmvzkbn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\knmvzkbn.exe"
        175⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\cbyylvjbfde.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cbyylvjbfde.exe"
        174⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\bhomchn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bhomchn.exe"
        173⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\tkaqpclswq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\tkaqpclswq.exe"
        172⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\inoxjuxs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\inoxjuxs.exe"
        171⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\kazbvpfwbh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\kazbvpfwbh.exe"
        170⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\hgzlpcsi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\hgzlpcsi.exe"
        169⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\gzdijfeipa.exe
        
        "C:\Users\Admin\AppData\Local\Temp\gzdijfeipa.exe"
        168⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\ttlpyyxp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ttlpyyxp.exe"
        167⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\oodtqsx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\oodtqsx.exe"
        166⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\pcpwcnvb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\pcpwcnvb.exe"
        165⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\hpkayydfuhc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\hpkayydfuhc.exe"
        164⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\zhyuiduh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zhyuiduh.exe"
        163⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\wxyorzqtklz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\wxyorzqtklz.exe"
        162⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\vpcllccs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\vpcllccs.exe"
        161⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\iakibllqaam.exe
        
        "C:\Users\Admin\AppData\Local\Temp\iakibllqaam.exe"
        160⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\jnwwxgt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\jnwwxgt.exe"
        159⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\eioaoaubotz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\eioaoaubotz.exe"
        158⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\jdfdgfviq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\jdfdgfviq.exe"
        157⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\bdpqvgka.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bdpqvgka.exe"
        156⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\xnxxkashf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\xnxxkashf.exe"
        155⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\vexhexpt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\vexhexpt.exe"
        154⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\mrjvqinyto.exe
        
        "C:\Users\Admin\AppData\Local\Temp\mrjvqinyto.exe"
        153⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\effzcdvm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\effzcdvm.exe"
        152⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\dllmuoazk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dllmuoazk.exe"
        151⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\sraqlaulogp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\sraqlaulogp.exe"
        150⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\pyakunrxz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\pyakunrxz.exe"
        149⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\pqehppd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\pqehppd.exe"
        148⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\dwuvgbij.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dwuvgbij.exe"
        147⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\yfofvfcttbu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\yfofvfcttbu.exe"
        146⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\asajhakh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\asajhakh.exe"
        145⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\rgvwtvhmir.exe
        
        "C:\Users\Admin\AppData\Local\Temp\rgvwtvhmir.exe"
        144⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\jthaqgpq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\jthaqgpq.exe"
        143⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\oozehkqxwkn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\oozehkqxwkn.exe"
        142⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\gslrtvocj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\gslrtvocj.exe"
        141⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\vuzonya.exe
        
        "C:\Users\Admin\AppData\Local\Temp\vuzonya.exe"
        140⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\uafsfjeo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\uafsfjeo.exe"
        139⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\pvwwwef.exe
        
        "C:\Users\Admin\AppData\Local\Temp\pvwwwef.exe"
        138⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\hzijiznzez.exe
        
        "C:\Users\Admin\AppData\Local\Temp\hzijiznzez.exe"
        137⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\luanado.exe
        
        "C:\Users\Admin\AppData\Local\Temp\luanado.exe"
        136⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\dhwqmomlsi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dhwqmomlsi.exe"
        135⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\cnceearxgnt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cnceearxgnt.exe"
        134⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\wwgosnkr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\wwgosnkr.exe"
        133⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\mokvmgw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\mokvmgw.exe"
        132⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\qjbzdkxox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\qjbzdkxox.exe"
        131⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\fprdlwcaltv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fprdlwcaltv.exe"
        130⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\akjgcqdhme.exe
        
        "C:\Users\Admin\AppData\Local\Temp\akjgcqdhme.exe"
        129⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\cyvuylk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cyvuylk.exe"
        128⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\ulhylwiacu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ulhylwiacu.exe"
        127⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\irxlcinmqzw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\irxlcinmqzw.exe"
        126⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\xoczuusz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\xoczuusz.exe"
        125⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\zpatdytqi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zpatdytqi.exe"
        124⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\wkckkeyplwy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\wkckkeyplwy.exe"
        123⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\lqsybqdb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\lqsybqdb.exe"
        122⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\fdoynnqin.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fdoynnqin.exe"
        121⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\bxpzttggqr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bxpzttggqr.exe"
        120⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\tlbcfenl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\tlbcfenl.exe"
        119⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\ifthuzlki.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ifthuzlki.exe"
        118⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\hxheobnkujq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\hxheobnkujq.exe"
        117⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\cszhgwyrwu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cszhgwyrwu.exe"
        116⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\ryfvxhd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ryfvxhd.exe"
        115⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\yacpjvxckn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\yacpjvxckn.exe"
        114⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\llkwzepz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\llkwzepz.exe"
        113⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\nzwavznobb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\nzwavznobb.exe"
        112⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\kbudhdrnb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\kbudhdrnb.exe"
        111⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\xmsagwa.exe
        
        "C:\Users\Admin\AppData\Local\Temp\xmsagwa.exe"
        110⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\bvwuljue.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bvwuljue.exe"
        109⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\qbciclyqfh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\qbciclyqfh.exe"
        108⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\lwtmtqzxh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\lwtmtqzxh.exe"
        107⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\prlfluausti.exe
        
        "C:\Users\Admin\AppData\Local\Temp\prlfluausti.exe"
        106⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\enbtcwfh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\enbtcwfh.exe"
        105⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\ywvnrjzajg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ywvnrjzajg.exe"
        104⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\yozkbmla.exe
        
        "C:\Users\Admin\AppData\Local\Temp\yozkbmla.exe"
        103⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\nqnhvewzoxf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\nqnhvewzoxf.exe"
        102⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\kwmrobtla.exe
        
        "C:\Users\Admin\AppData\Local\Temp\kwmrobtla.exe"
        101⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\wjywynosq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\wjywynosq.exe"
        100⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\beqzprp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\beqzprp.exe"
        99⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\qkwnhtubg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\qkwnhtubg.exe"
        98⤵
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\kvoryxu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\kvoryxu.exe"
        97⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\kxcoiqgikf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\kxcoiqgikf.exe"
        96⤵
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\estrauhf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\estrauhf.exe"
        95⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\jdlvroimxcd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\jdlvroimxcd.exe"
        94⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\yjriiany.exe
        
        "C:\Users\Admin\AppData\Local\Temp\yjriiany.exe"
        93⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\atbwxmcqmsl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\atbwxmcqmsl.exe"
        92⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\sgxjuxzfz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\sgxjuxzfz.exe"
        91⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\kkjngsh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\kkjngsh.exe"
        90⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\geruwlqq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\geruwlqq.exe"
        89⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\adkekpkasv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\adkekpkasv.exe"
        88⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\uagfwlxhgpf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\uagfwlxhgpf.exe"
        87⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\ksumqoigjy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ksumqoigjy.exe"
        86⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\rzuwzlf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\rzuwzlf.exe"
        85⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\dtstyuozz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dtstyuozz.exe"
        84⤵
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\yswndhs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\yswndhs.exe"
        83⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\cnnrumtqn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cnnrumtqn.exe"
        82⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\ubzvqxr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ubzvqxr.exe"
        81⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\ttdsbzcuc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ttdsbzcuc.exe"
        80⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\lhzfxkk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\lhzfxkk.exe"
        79⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\gcrjoolgqqz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\gcrjoolgqqz.exe"
        78⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\fixxgaq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fixxgaq.exe"
        77⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\wjurpfht.exe
        
        "C:\Users\Admin\AppData\Local\Temp\wjurpfht.exe"
        76⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\mbyokxs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\mbyokxs.exe"
        75⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\dpkswsayy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dpkswsayy.exe"
        74⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\lvkcfpn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\lvkcfpn.exe"
        73⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\abapxrswn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\abapxrswn.exe"
        72⤵
        
        PID:220
        
        C:\Users\Admin\AppData\Local\Temp\pdemrte.exe
        
        "C:\Users\Admin\AppData\Local\Temp\pdemrte.exe"
        71⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\wkewagbib.exe
        
        "C:\Users\Admin\AppData\Local\Temp\wkewagbib.exe"
        70⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\oxpkxby.exe
        
        "C:\Users\Admin\AppData\Local\Temp\oxpkxby.exe"
        69⤵
        
        PID:232
        
        C:\Users\Admin\AppData\Local\Temp\awzyjekg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\awzyjekg.exe"
        68⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\hczisaxsvz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\hczisaxsvz.exe"
        67⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\wenfntjs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\wenfntjs.exe"
        66⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\osztjorwkqz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\osztjorwkqz.exe"
        65⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\tdrmairdm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\tdrmairdm.exe"
        64⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\ifutlld.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ifutlld.exe"
        63⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\namxcfeaau.exe
        
        "C:\Users\Admin\AppData\Local\Temp\namxcfeaau.exe"
        62⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\foibyaco.exe
        
        "C:\Users\Admin\AppData\Local\Temp\foibyaco.exe"
        61⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\ukoogmhbqh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ukoogmhbqh.exe"
        60⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\tqecxymnemj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\tqecxymnemj.exe"
        59⤵
        Executes dropped EXE
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\kdqgtjts.exe
        
        "C:\Users\Admin\AppData\Local\Temp\kdqgtjts.exe"
        58⤵
        Executes dropped EXE
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\iupqdfq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\iupqdfq.exe"
        57⤵
        Executes dropped EXE
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\khbtpaoiv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\khbtpaoiv.exe"
        56⤵
        Executes dropped EXE
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\bvxhllwxilg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bvxhllwxilg.exe"
        55⤵
        Executes dropped EXE
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\ofvebffum.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ofvebffum.exe"
        54⤵
        Executes dropped EXE
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\sanisjfbncy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\sanisjfbncy.exe"
        53⤵
        Executes dropped EXE
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\isbpmbrbak.exe
        
        "C:\Users\Admin\AppData\Local\Temp\isbpmbrbak.exe"
        52⤵
        Executes dropped EXE
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\mntiegs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\mntiegs.exe"
        51⤵
        Executes dropped EXE
        
        PID:224
        
        C:\Users\Admin\AppData\Local\Temp\zybqtpbffl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zybqtpbffl.exe"
        50⤵
        Executes dropped EXE
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\utstktmmr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\utstktmmr.exe"
        49⤵
        Executes dropped EXE
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\wdcqzvr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\wdcqzvr.exe"
        48⤵
        Executes dropped EXE
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\ngouwqzsf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ngouwqzsf.exe"
        47⤵
        Executes dropped EXE
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\sbgxnkz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\sbgxnkz.exe"
        46⤵
        Executes dropped EXE
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\hdkvxnlptk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\hdkvxnlptk.exe"
        45⤵
        Executes dropped EXE
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\jhgiuij.exe
        
        "C:\Users\Admin\AppData\Local\Temp\jhgiuij.exe"
        44⤵
        Executes dropped EXE
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\wbegjrcaax.exe
        
        "C:\Users\Admin\AppData\Local\Temp\wbegjrcaax.exe"
        43⤵
        Executes dropped EXE
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\debjvfwa.exe
        
        "C:\Users\Admin\AppData\Local\Temp\debjvfwa.exe"
        42⤵
        Executes dropped EXE
        
        PID:716
        
        C:\Users\Admin\AppData\Local\Temp\vdlgugl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\vdlgugl.exe"
        41⤵
        Executes dropped EXE
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\xrxkhbigy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\xrxkhbigy.exe"
        40⤵
        Executes dropped EXE
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\kbfrglb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\kbfrglb.exe"
        39⤵
        Executes dropped EXE
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\zdtoqnnnfd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zdtoqnnnfd.exe"
        38⤵
        Executes dropped EXE
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\eolsihok.exe
        
        "C:\Users\Admin\AppData\Local\Temp\eolsihok.exe"
        37⤵
        Executes dropped EXE
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\turfzttwuj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\turfzttwuj.exe"
        36⤵
        Executes dropped EXE
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\kinjlor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\kinjlor.exe"
        35⤵
        Executes dropped EXE
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\pdumdjsiic.exe
        
        "C:\Users\Admin\AppData\Local\Temp\pdumdjsiic.exe"
        34⤵
        Executes dropped EXE
        
        PID:408
        
        C:\Users\Admin\AppData\Local\Temp\evikxldh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\evikxldh.exe"
        33⤵
        Executes dropped EXE
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\mxgntph.exe
        
        "C:\Users\Admin\AppData\Local\Temp\mxgntph.exe"
        32⤵
        Executes dropped EXE
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\ysekjiqoz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ysekjiqoz.exe"
        31⤵
        Executes dropped EXE
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\gyeusfn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\gyeusfn.exe"
        30⤵
        Executes dropped EXE
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\sjmcrowho.exe
        
        "C:\Users\Admin\AppData\Local\Temp\sjmcrowho.exe"
        29⤵
        Executes dropped EXE
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\utwzgal.exe
        
        "C:\Users\Admin\AppData\Local\Temp\utwzgal.exe"
        28⤵
        Executes dropped EXE
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\jlawbswycz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\jlawbswycz.exe"
        27⤵
        Executes dropped EXE
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\ospjvdetc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ospjvdetc.exe"
        26⤵
        Executes dropped EXE
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\ekdgpgqs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ekdgpgqs.exe"
        25⤵
        Executes dropped EXE
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\gtndeivkqsy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\gtndeivkqsy.exe"
        24⤵
        Executes dropped EXE
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\vlrazkhkt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\vlrazkhkt.exe"
        23⤵
        Executes dropped EXE
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\udfhtdtjwks.exe
        
        "C:\Users\Admin\AppData\Local\Temp\udfhtdtjwks.exe"
        22⤵
        Executes dropped EXE
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\nnpuioibxfc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\nnpuioibxfc.exe"
        21⤵
        Executes dropped EXE
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\ufdyescah.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ufdyescah.exe"
        20⤵
        Executes dropped EXE
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\oedpctzclao.exe
        
        "C:\Users\Admin\AppData\Local\Temp\oedpctzclao.exe"
        19⤵
        Executes dropped EXE
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\jltmwegnlop.exe
        
        "C:\Users\Admin\AppData\Local\Temp\jltmwegnlop.exe"
        18⤵
        Executes dropped EXE
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\inwjgwsm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\inwjgwsm.exe"
        17⤵
        Executes dropped EXE
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\bnggfiho.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bnggfiho.exe"
        16⤵
        Executes dropped EXE
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\dmqtukmgbfv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dmqtukmgbfv.exe"
        15⤵
        Executes dropped EXE
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\soeapmyfn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\soeapmyfn.exe"
        14⤵
        Executes dropped EXE
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\uoonoon.exe
        
        "C:\Users\Admin\AppData\Local\Temp\uoonoon.exe"
        13⤵
        Executes dropped EXE
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\wnykdaspqv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\wnykdaspqv.exe"
        12⤵
        Executes dropped EXE
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\pnihsbhrcg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\pnihsbhrcg.exe"
        11⤵
        Executes dropped EXE
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\rwserdvj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\rwserdvj.exe"
        10⤵
        Executes dropped EXE
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\dhabhxeqhi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dhabhxeqhi.exe"
        9⤵
        Executes dropped EXE
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\ygtwvkya.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ygtwvkya.exe"
        8⤵
        Executes dropped EXE
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\spngkystwm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\spngkystwm.exe"
        7⤵
        Adds policy Run key to start application
        Executes dropped EXE
        Adds Run key to start application
        Modifies WinLogon
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:4376
        
        C:\Windows\SysWOW64\wnsydrv.exe
        
        "C:\Windows\System32\wnsydrv.exe" a
        8⤵
        Executes dropped EXE
        
        PID:3228
      - C:\Users\Admin\AppData\Local\Temp\upxdzzhl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\upxdzzhl.exe"
        6⤵
        Adds policy Run key to start application
        Executes dropped EXE
        Adds Run key to start application
        Modifies WinLogon
        Drops file in System32 directory
        
        PID:956
        
        C:\Windows\SysWOW64\wnsydrv.exe
        
        "C:\Windows\System32\wnsydrv.exe" a
        7⤵
        Executes dropped EXE
        
        PID:4844
    - - C:\Users\Admin\AppData\Local\Temp\gjfkotqsmo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\gjfkotqsmo.exe"
        5⤵
        Adds policy Run key to start application
        Executes dropped EXE
        Adds Run key to start application
        Modifies WinLogon
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:3324
      - C:\Windows\SysWOW64\wnsydrv.exe
        
        "C:\Windows\System32\wnsydrv.exe" a
        6⤵
        Executes dropped EXE
        
        PID:3368
  - - C:\Users\Admin\AppData\Local\Temp\luxnfnqz.exe
      "C:\Users\Admin\AppData\Local\Temp\luxnfnqz.exe"
      4⤵
      Adds policy Run key to start application
      Executes dropped EXE
      Adds Run key to start application
      Modifies WinLogon
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:3284
    - - C:\Windows\SysWOW64\wnsydrv.exe
        
        "C:\Windows\System32\wnsydrv.exe" a
        5⤵
        Executes dropped EXE
        
        PID:4424
- - C:\Users\Admin\AppData\Local\Temp\aanrxzvmbu.exe
    "C:\Users\Admin\AppData\Local\Temp\aanrxzvmbu.exe"
    3⤵
    - Adds policy Run key to start application
    - Executes dropped EXE
    - Adds Run key to start application
    - Modifies WinLogon
    - Drops file in System32 directory
    - Suspicious use of WriteProcessMemory
    PID:3844
  - - C:\Windows\SysWOW64\wnsydrv.exe
      "C:\Windows\System32\wnsydrv.exe" a
      4⤵
      Executes dropped EXE
      PID:1668
- C:\Users\Admin\AppData\Local\Temp\idbvtczll.exe
  "C:\Users\Admin\AppData\Local\Temp\idbvtczll.exe"
  2⤵
  - Adds policy Run key to start application
  - Executes dropped EXE
  - Adds Run key to start application
  - Modifies WinLogon
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:4952
- - C:\Windows\SysWOW64\wnsydrv.exe
    "C:\Windows\System32\wnsydrv.exe" a
    3⤵
    - Adds policy Run key to start application
    - Executes dropped EXE
    - Adds Run key to start application
    - Modifies WinLogon
    - Drops file in System32 directory
    PID:1496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\idbvtczll.exe

Filesize
60KB

MD5
743168306f259da59e4d14e3bb2f357b

SHA1
c8e7c10bcde3c0da8531e1f895cfef34866fe4e4

SHA256
364f281d623cc1594dda68407faba1cc68c70b56275c365b1660f3b2d0586845

SHA512
42c31f768d739a88010c7bbe9a197ad1316ea80164a45597e92914f55b5bb4c5093f4e107448b476e63d87062e88bd5e175fc4d8c2129132e3b2073934226d16

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads