734627088382cd5c524be577afa06bd8a1b077a83a144b1323ef609b483982e7

Analysis

max time kernel
150s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2024, 06:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Size

856KB
MD5

a1849707367f80b29da945ce3cf58020
SHA1

b21cb04dc09d28222e2ed80f940610a443d7a830
SHA256

734627088382cd5c524be577afa06bd8a1b077a83a144b1323ef609b483982e7
SHA512

0742b133bc3f51544ac98d42c990c25433fae436a79092ba40d82060f8328ef210daebe36c94a1b3e741b09874042130fbcd975fbfd9afe77f343c48703d1813
SSDEEP

24576:OKnYI/jQMVQCccK1EShWstH3+klJQmSvNDQMyta:OKnYkjQAQCccGd3FuklSZNErM

Score

5^/10

discovery

Malware Config

Signatures

Suspicious use of SetThreadContext 64 IoCs

description	pid	Process	procid_target
PID 2812 set thread context of 4492	2812	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	86
PID 4492 set thread context of 1500	4492	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	88
PID 1500 set thread context of 3836	1500	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	89
PID 3836 set thread context of 3168	3836	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	90
PID 3168 set thread context of 3712	3168	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	91
PID 3712 set thread context of 2388	3712	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	92
PID 2388 set thread context of 4884	2388	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	93
PID 4884 set thread context of 3552	4884	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	96
PID 3552 set thread context of 2992	3552	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	97
PID 4288 set thread context of 3540	4288	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	100
PID 3540 set thread context of 4592	3540	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	102
PID 4592 set thread context of 3068	4592	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	103
PID 3068 set thread context of 3192	3068	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	104
PID 3192 set thread context of 2152	3192	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	105
PID 2152 set thread context of 2120	2152	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	106
PID 2120 set thread context of 1028	2120	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	107
PID 1028 set thread context of 1956	1028	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	108
PID 1956 set thread context of 2016	1956	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	109
PID 2016 set thread context of 2476	2016	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	110
PID 2476 set thread context of 3308	2476	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	112
PID 3308 set thread context of 4624	3308	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	113
PID 4624 set thread context of 4900	4624	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	114
PID 4900 set thread context of 4028	4900	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	115
PID 4028 set thread context of 1864	4028	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	116
PID 1864 set thread context of 2944	1864	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	117
PID 2944 set thread context of 532	2944	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	118
PID 532 set thread context of 4980	532	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	119
PID 4980 set thread context of 836	4980	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	120
PID 836 set thread context of 4816	836	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	123
PID 4816 set thread context of 4228	4816	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	124
PID 4228 set thread context of 2492	4228	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	125
PID 2492 set thread context of 2796	2492	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	126
PID 2796 set thread context of 2168	2796	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	127
PID 2168 set thread context of 4004	2168	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	128
PID 4004 set thread context of 3156	4004	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	129
PID 3156 set thread context of 544	3156	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	130
PID 544 set thread context of 3568	544	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	131
PID 3568 set thread context of 4200	3568	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	132
PID 4200 set thread context of 4648	4200	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	133
PID 4648 set thread context of 4744	4648	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	134
PID 4744 set thread context of 3580	4744	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	135
PID 3580 set thread context of 764	3580	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	136
PID 764 set thread context of 3088	764	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	137
PID 3088 set thread context of 1408	3088	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	138
PID 1408 set thread context of 3440	1408	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	139
PID 3440 set thread context of 5112	3440	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	140
PID 5112 set thread context of 376	5112	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	141
PID 376 set thread context of 228	376	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	142
PID 228 set thread context of 1960	228	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	143
PID 1960 set thread context of 3180	1960	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	144
PID 3180 set thread context of 1088	3180	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	145
PID 1088 set thread context of 2272	1088	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	146
PID 2272 set thread context of 4384	2272	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	147
PID 4384 set thread context of 4496	4384	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	148
PID 4496 set thread context of 4412	4496	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	149
PID 4412 set thread context of 2540	4412	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	150
PID 2540 set thread context of 5056	2540	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	151
PID 5056 set thread context of 1036	5056	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	152
PID 1036 set thread context of 3792	1036	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	153
PID 3792 set thread context of 704	3792	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	154
PID 704 set thread context of 3700	704	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	155
PID 3700 set thread context of 4212	3700	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	156
PID 4212 set thread context of 2028	4212	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	157
PID 2028 set thread context of 2496	2028	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	158

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2812	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
2812	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
4492	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
4492	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
1500	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
1500	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
3836	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
3836	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
3168	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
3168	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
3712	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
3712	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
2388	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
2388	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
4884	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
4884	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
3552	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
3552	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
4288	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
4288	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
3540	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
3540	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
4592	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
4592	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
3068	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
3068	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
3192	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
3192	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
2152	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
2152	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
2120	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
2120	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
1028	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
1028	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
1956	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
1956	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
2016	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
2016	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
2476	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
2476	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
3308	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
3308	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
4624	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
4624	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
4900	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
4900	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
4028	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
4028	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
1864	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
1864	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
2944	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
2944	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
532	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
532	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
4980	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
4980	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
836	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
836	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
4816	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
4816	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
4228	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
4228	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
2492	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
2492	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2812 wrote to memory of 4492	2812	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	86
PID 2812 wrote to memory of 4492	2812	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	86
PID 2812 wrote to memory of 4492	2812	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	86
PID 2812 wrote to memory of 4492	2812	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	86
PID 2812 wrote to memory of 4492	2812	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	86
PID 2812 wrote to memory of 4492	2812	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	86
PID 2812 wrote to memory of 4492	2812	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	86
PID 2812 wrote to memory of 4492	2812	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	86
PID 2812 wrote to memory of 4492	2812	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	86
PID 2812 wrote to memory of 4492	2812	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	86
PID 4492 wrote to memory of 1500	4492	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	88
PID 4492 wrote to memory of 1500	4492	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	88
PID 4492 wrote to memory of 1500	4492	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	88
PID 4492 wrote to memory of 1500	4492	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	88
PID 4492 wrote to memory of 1500	4492	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	88
PID 4492 wrote to memory of 1500	4492	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	88
PID 4492 wrote to memory of 1500	4492	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	88
PID 4492 wrote to memory of 1500	4492	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	88
PID 4492 wrote to memory of 1500	4492	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	88
PID 4492 wrote to memory of 1500	4492	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	88
PID 1500 wrote to memory of 3836	1500	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	89
PID 1500 wrote to memory of 3836	1500	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	89
PID 1500 wrote to memory of 3836	1500	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	89
PID 1500 wrote to memory of 3836	1500	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	89
PID 1500 wrote to memory of 3836	1500	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	89
PID 1500 wrote to memory of 3836	1500	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	89
PID 1500 wrote to memory of 3836	1500	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	89
PID 1500 wrote to memory of 3836	1500	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	89
PID 1500 wrote to memory of 3836	1500	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	89
PID 1500 wrote to memory of 3836	1500	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	89
PID 3836 wrote to memory of 3168	3836	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	90
PID 3836 wrote to memory of 3168	3836	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	90
PID 3836 wrote to memory of 3168	3836	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	90
PID 3836 wrote to memory of 3168	3836	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	90
PID 3836 wrote to memory of 3168	3836	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	90
PID 3836 wrote to memory of 3168	3836	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	90
PID 3836 wrote to memory of 3168	3836	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	90
PID 3836 wrote to memory of 3168	3836	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	90
PID 3836 wrote to memory of 3168	3836	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	90
PID 3836 wrote to memory of 3168	3836	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	90
PID 3168 wrote to memory of 3712	3168	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	91
PID 3168 wrote to memory of 3712	3168	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	91
PID 3168 wrote to memory of 3712	3168	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	91
PID 3168 wrote to memory of 3712	3168	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	91
PID 3168 wrote to memory of 3712	3168	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	91
PID 3168 wrote to memory of 3712	3168	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	91
PID 3168 wrote to memory of 3712	3168	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	91
PID 3168 wrote to memory of 3712	3168	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	91
PID 3168 wrote to memory of 3712	3168	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	91
PID 3168 wrote to memory of 3712	3168	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	91
PID 3712 wrote to memory of 2388	3712	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	92
PID 3712 wrote to memory of 2388	3712	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	92
PID 3712 wrote to memory of 2388	3712	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	92
PID 3712 wrote to memory of 2388	3712	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	92
PID 3712 wrote to memory of 2388	3712	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	92
PID 3712 wrote to memory of 2388	3712	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	92
PID 3712 wrote to memory of 2388	3712	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	92
PID 3712 wrote to memory of 2388	3712	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	92
PID 3712 wrote to memory of 2388	3712	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	92
PID 3712 wrote to memory of 2388	3712	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	92
PID 2388 wrote to memory of 4884	2388	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	93
PID 2388 wrote to memory of 4884	2388	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	93
PID 2388 wrote to memory of 4884	2388	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	93
PID 2388 wrote to memory of 4884	2388	a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe	93

C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2812
- C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4492
- - C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
    3⤵
    - Suspicious use of SetThreadContext
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1500
  - - C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
      4⤵
      Suspicious use of SetThreadContext
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3836
    - - C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        5⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3168
      - C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        6⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        7⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        8⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        9⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        10⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        11⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        12⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        13⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        14⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        15⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        16⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        17⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        18⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        19⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        20⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        21⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        22⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        23⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        24⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        25⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        26⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        27⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        28⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        29⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        30⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        31⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        32⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        33⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        34⤵
        Suspicious use of SetThreadContext
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        35⤵
        Suspicious use of SetThreadContext
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        36⤵
        Suspicious use of SetThreadContext
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        37⤵
        Suspicious use of SetThreadContext
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        38⤵
        Suspicious use of SetThreadContext
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        39⤵
        Suspicious use of SetThreadContext
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        40⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        41⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        42⤵
        Suspicious use of SetThreadContext
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        43⤵
        Suspicious use of SetThreadContext
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        44⤵
        Suspicious use of SetThreadContext
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        45⤵
        Suspicious use of SetThreadContext
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        46⤵
        Suspicious use of SetThreadContext
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        47⤵
        Suspicious use of SetThreadContext
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        48⤵
        Suspicious use of SetThreadContext
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        49⤵
        Suspicious use of SetThreadContext
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        50⤵
        Suspicious use of SetThreadContext
        
        PID:228
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        51⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        52⤵
        Suspicious use of SetThreadContext
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        53⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        54⤵
        Suspicious use of SetThreadContext
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        55⤵
        Suspicious use of SetThreadContext
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        56⤵
        Suspicious use of SetThreadContext
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        57⤵
        Suspicious use of SetThreadContext
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        58⤵
        Suspicious use of SetThreadContext
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        59⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        60⤵
        Suspicious use of SetThreadContext
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        61⤵
        Suspicious use of SetThreadContext
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        62⤵
        Suspicious use of SetThreadContext
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        63⤵
        Suspicious use of SetThreadContext
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        64⤵
        Suspicious use of SetThreadContext
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        65⤵
        Suspicious use of SetThreadContext
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        66⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        67⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        68⤵
        System Location Discovery: System Language Discovery
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        69⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        70⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        71⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        72⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        73⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        74⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        75⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        76⤵
        System Location Discovery: System Language Discovery
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        77⤵
        System Location Discovery: System Language Discovery
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        78⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        79⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        80⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        81⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        82⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        83⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        84⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        85⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        86⤵
        System Location Discovery: System Language Discovery
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        87⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        88⤵
        System Location Discovery: System Language Discovery
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        89⤵
        
        PID:440
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        90⤵
        System Location Discovery: System Language Discovery
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        91⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        92⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        93⤵
        System Location Discovery: System Language Discovery
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        94⤵
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        95⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        96⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        97⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        98⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        99⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        100⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        101⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        102⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        103⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        104⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        105⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        106⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        107⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        108⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        109⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        110⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        111⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        112⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        113⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        114⤵
        System Location Discovery: System Language Discovery
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        115⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        116⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        117⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        118⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        119⤵
        System Location Discovery: System Language Discovery
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        120⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        121⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        122⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        123⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        124⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        125⤵
        System Location Discovery: System Language Discovery
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        126⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        127⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        128⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        129⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        130⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        131⤵
        System Location Discovery: System Language Discovery
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        132⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        133⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        134⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        135⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        136⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        137⤵
        System Location Discovery: System Language Discovery
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        138⤵
        System Location Discovery: System Language Discovery
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        139⤵
        System Location Discovery: System Language Discovery
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        140⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        141⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        142⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        143⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        144⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        145⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        146⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        147⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        148⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        149⤵
        System Location Discovery: System Language Discovery
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        150⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        151⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        152⤵
        System Location Discovery: System Language Discovery
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        153⤵
        
        PID:428
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        154⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        155⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        156⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        157⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        158⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        159⤵
        System Location Discovery: System Language Discovery
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        160⤵
        System Location Discovery: System Language Discovery
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        161⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        162⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        163⤵
        System Location Discovery: System Language Discovery
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        164⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        165⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        166⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        167⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        168⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        169⤵
        System Location Discovery: System Language Discovery
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        170⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        171⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        172⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        173⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        174⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        175⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        176⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        177⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        178⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        179⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        180⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        181⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        182⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        183⤵
        System Location Discovery: System Language Discovery
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        184⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        185⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        186⤵
        System Location Discovery: System Language Discovery
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        187⤵
        System Location Discovery: System Language Discovery
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        188⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        189⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        190⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        191⤵
        System Location Discovery: System Language Discovery
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        192⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        193⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        194⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        195⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        196⤵
        System Location Discovery: System Language Discovery
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        197⤵
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        198⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        199⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        200⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        201⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        202⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        203⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        204⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        205⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        206⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        207⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        208⤵
        
        PID:408
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        209⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        210⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        211⤵
        System Location Discovery: System Language Discovery
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        212⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        213⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        214⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        215⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        216⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        217⤵
        System Location Discovery: System Language Discovery
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        218⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        219⤵
        System Location Discovery: System Language Discovery
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        220⤵
        System Location Discovery: System Language Discovery
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        221⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        222⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        223⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        224⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        225⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        226⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        227⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        228⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        229⤵
        System Location Discovery: System Language Discovery
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        230⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        231⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        232⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        233⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        234⤵
        System Location Discovery: System Language Discovery
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        235⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        236⤵
        
        PID:224
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        237⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        238⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        239⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        240⤵
        System Location Discovery: System Language Discovery
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        241⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        242⤵
        System Location Discovery: System Language Discovery
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        243⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        244⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        245⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        246⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        247⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        248⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        249⤵
        System Location Discovery: System Language Discovery
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        250⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        251⤵
        System Location Discovery: System Language Discovery
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        252⤵
        System Location Discovery: System Language Discovery
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        253⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        254⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        255⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        256⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        257⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        258⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        259⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        260⤵
        System Location Discovery: System Language Discovery
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        261⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        262⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        263⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        264⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        265⤵
        
        PID:232
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        266⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        267⤵
        System Location Discovery: System Language Discovery
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        268⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        269⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        270⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        271⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        272⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        273⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        274⤵
        System Location Discovery: System Language Discovery
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        275⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        276⤵
        System Location Discovery: System Language Discovery
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        277⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        278⤵
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        279⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        280⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        281⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        282⤵
        System Location Discovery: System Language Discovery
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        283⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        284⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        285⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        286⤵
        System Location Discovery: System Language Discovery
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        287⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        288⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        289⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        290⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        291⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        292⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        293⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        294⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        295⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        296⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        297⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        298⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        299⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        300⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        301⤵
        System Location Discovery: System Language Discovery
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        302⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        303⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        304⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        305⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        306⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        307⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        308⤵
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        309⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        310⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        311⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        312⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        313⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        314⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        315⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        316⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        317⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        318⤵
        System Location Discovery: System Language Discovery
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        319⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        320⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        321⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        322⤵
        System Location Discovery: System Language Discovery
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        323⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        324⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        325⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        326⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        327⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        328⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        329⤵
        System Location Discovery: System Language Discovery
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        330⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        331⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        332⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        333⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        334⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        335⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        336⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        337⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        338⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        339⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        340⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        341⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        342⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        343⤵
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        344⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        345⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        346⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        347⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        348⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        349⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        350⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        351⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        352⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        353⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        354⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        355⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        356⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        357⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        358⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        359⤵
        System Location Discovery: System Language Discovery
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        360⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        361⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        362⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        363⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        364⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        365⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        366⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        367⤵
        System Location Discovery: System Language Discovery
        
        PID:64
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        368⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        369⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        370⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        371⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        372⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        373⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        374⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        375⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        376⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        377⤵
        System Location Discovery: System Language Discovery
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        378⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        379⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        380⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        381⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        382⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        383⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        384⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        385⤵
        
        PID:208
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        386⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        387⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        388⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        389⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        390⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        391⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        392⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        393⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        394⤵
        System Location Discovery: System Language Discovery
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        395⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        396⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        397⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        398⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        399⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        400⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        401⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        402⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        403⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        404⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        405⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        406⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        407⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        408⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        409⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        410⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        411⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        412⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        413⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        414⤵
        System Location Discovery: System Language Discovery
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        415⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        416⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        417⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        418⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        419⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        420⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        421⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        422⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        423⤵
        System Location Discovery: System Language Discovery
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        424⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        425⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        426⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        427⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        428⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        429⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        430⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        431⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        432⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        433⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        434⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        435⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        436⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        437⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        438⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        439⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        440⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        441⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        442⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        443⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        444⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        445⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        446⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        447⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        448⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        449⤵
        System Location Discovery: System Language Discovery
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        450⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        451⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        452⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        453⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        454⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        455⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        456⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        457⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        458⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        459⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        460⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        461⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        462⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        463⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        464⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        465⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        466⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        467⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        468⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        469⤵
        System Location Discovery: System Language Discovery
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        470⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        471⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        472⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        473⤵
        System Location Discovery: System Language Discovery
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        474⤵
        System Location Discovery: System Language Discovery
        
        PID:180
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        475⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        476⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        477⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        478⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        479⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        480⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        481⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        482⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        483⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        484⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\a1849707367f80b29da945ce3cf58020_JaffaCakes118.exe
        
        485⤵
        
        PID:5628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/8-5679-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/228-2997-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/376-2934-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/440-5374-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/532-1653-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/544-2263-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/704-3727-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/764-2629-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/836-1775-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/964-5496-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1028-1043-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1036-3605-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1088-3186-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1164-4459-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1408-2751-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1460-5252-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1500-201-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1680-5191-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1864-1531-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1888-4093-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1956-1104-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1960-3056-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1992-5435-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2016-1165-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2028-3910-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2108-4703-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2120-982-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2152-921-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2168-2080-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2236-4642-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2268-4825-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2272-3239-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2384-4398-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2388-452-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2420-5557-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2476-1226-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2492-1958-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2496-3971-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2540-3483-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2720-4276-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2796-2019-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2812-39-0x00000000035E0000-0x00000000035F0000-memory.dmp

Filesize
64KB

Download
memory/2812-1-0x0000000002040000-0x0000000002050000-memory.dmp

Filesize
64KB

Download
memory/2812-43-0x0000000003620000-0x0000000003630000-memory.dmp

Filesize
64KB

Download
memory/2812-44-0x0000000003640000-0x0000000003650000-memory.dmp

Filesize
64KB

Download
memory/2812-45-0x0000000003650000-0x0000000003660000-memory.dmp

Filesize
64KB

Download
memory/2812-46-0x0000000003770000-0x0000000003780000-memory.dmp

Filesize
64KB

Download
memory/2812-47-0x0000000003780000-0x0000000003790000-memory.dmp

Filesize
64KB

Download
memory/2812-48-0x0000000003790000-0x00000000037A0000-memory.dmp

Filesize
64KB

Download
memory/2812-49-0x00000000037A0000-0x00000000037B0000-memory.dmp

Filesize
64KB

Download
memory/2812-50-0x00000000037B0000-0x00000000037C0000-memory.dmp

Filesize
64KB

Download
memory/2812-51-0x00000000037C0000-0x00000000037D0000-memory.dmp

Filesize
64KB

Download
memory/2812-52-0x00000000037D0000-0x00000000037E0000-memory.dmp

Filesize
64KB

Download
memory/2812-53-0x00000000037E0000-0x00000000037F0000-memory.dmp

Filesize
64KB

Download
memory/2812-54-0x00000000037F0000-0x0000000003800000-memory.dmp

Filesize
64KB

Download
memory/2812-10-0x00000000028F0000-0x0000000002900000-memory.dmp

Filesize
64KB

Download
memory/2812-11-0x0000000002900000-0x0000000002910000-memory.dmp

Filesize
64KB

Download
memory/2812-12-0x0000000002910000-0x0000000002920000-memory.dmp

Filesize
64KB

Download
memory/2812-13-0x0000000002920000-0x0000000002930000-memory.dmp

Filesize
64KB

Download
memory/2812-9-0x00000000028E0000-0x00000000028F0000-memory.dmp

Filesize
64KB

Download
memory/2812-70-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2812-8-0x00000000028D0000-0x00000000028E0000-memory.dmp

Filesize
64KB

Download
memory/2812-7-0x00000000028C0000-0x00000000028D0000-memory.dmp

Filesize
64KB

Download
memory/2812-25-0x00000000029F0000-0x0000000002A00000-memory.dmp

Filesize
64KB

Download
memory/2812-27-0x0000000002A10000-0x0000000002A20000-memory.dmp

Filesize
64KB

Download
memory/2812-6-0x00000000028B0000-0x00000000028C0000-memory.dmp

Filesize
64KB

Download
memory/2812-41-0x0000000003600000-0x0000000003610000-memory.dmp

Filesize
64KB

Download
memory/2812-5-0x00000000028A0000-0x00000000028B0000-memory.dmp

Filesize
64KB

Download
memory/2812-4-0x0000000002890000-0x00000000028A0000-memory.dmp

Filesize
64KB

Download
memory/2812-3-0x0000000002880000-0x0000000002890000-memory.dmp

Filesize
64KB

Download
memory/2812-40-0x00000000035F0000-0x0000000003600000-memory.dmp

Filesize
64KB

Download
memory/2812-2-0x0000000002050000-0x0000000002060000-memory.dmp

Filesize
64KB

Download
memory/2812-26-0x0000000002A00000-0x0000000002A10000-memory.dmp

Filesize
64KB

Download
memory/2812-42-0x0000000003610000-0x0000000003620000-memory.dmp

Filesize
64KB

Download
memory/2812-24-0x00000000029E0000-0x00000000029F0000-memory.dmp

Filesize
64KB

Download
memory/2812-16-0x0000000002960000-0x0000000002970000-memory.dmp

Filesize
64KB

Download
memory/2812-15-0x0000000002950000-0x0000000002960000-memory.dmp

Filesize
64KB

Download
memory/2812-28-0x0000000002A20000-0x0000000002A30000-memory.dmp

Filesize
64KB

Download
memory/2812-14-0x0000000002930000-0x0000000002940000-memory.dmp

Filesize
64KB

Download
memory/2812-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2812-38-0x00000000035D0000-0x00000000035E0000-memory.dmp

Filesize
64KB

Download
memory/2812-37-0x00000000035C0000-0x00000000035D0000-memory.dmp

Filesize
64KB

Download
memory/2812-36-0x00000000035B0000-0x00000000035C0000-memory.dmp

Filesize
64KB

Download
memory/2812-35-0x00000000035A0000-0x00000000035B0000-memory.dmp

Filesize
64KB

Download
memory/2812-34-0x0000000003590000-0x00000000035A0000-memory.dmp

Filesize
64KB

Download
memory/2812-17-0x0000000002970000-0x0000000002980000-memory.dmp

Filesize
64KB

Download
memory/2812-19-0x0000000002990000-0x00000000029A0000-memory.dmp

Filesize
64KB

Download
memory/2812-18-0x0000000002980000-0x0000000002990000-memory.dmp

Filesize
64KB

Download
memory/2812-21-0x00000000029B0000-0x00000000029C0000-memory.dmp

Filesize
64KB

Download
memory/2812-33-0x0000000003580000-0x0000000003590000-memory.dmp

Filesize
64KB

Download
memory/2812-29-0x0000000003540000-0x0000000003550000-memory.dmp

Filesize
64KB

Download
memory/2812-32-0x0000000003570000-0x0000000003580000-memory.dmp

Filesize
64KB

Download
memory/2812-20-0x00000000029A0000-0x00000000029B0000-memory.dmp

Filesize
64KB

Download
memory/2812-31-0x0000000003560000-0x0000000003570000-memory.dmp

Filesize
64KB

Download
memory/2812-22-0x00000000029C0000-0x00000000029D0000-memory.dmp

Filesize
64KB

Download
memory/2812-23-0x00000000029D0000-0x00000000029E0000-memory.dmp

Filesize
64KB

Download
memory/2812-30-0x0000000003550000-0x0000000003560000-memory.dmp

Filesize
64KB

Download
memory/2944-1592-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2984-5069-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2992-555-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3056-5008-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3068-799-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3088-2690-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3132-4221-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3156-2202-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3168-307-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3180-3117-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3192-860-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3212-5313-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3240-4337-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3308-1287-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3440-2812-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3540-681-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3552-550-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3568-2324-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3580-2568-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3700-3788-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3712-368-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3792-3666-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3836-246-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4004-2141-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4028-1470-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4108-5740-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4200-2385-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4212-3849-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4228-1897-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4236-5624-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4256-4947-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4280-4581-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4288-617-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4296-4886-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4384-3300-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4384-4764-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4412-3422-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4444-4032-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4480-4520-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4492-63-0x0000000001F80000-0x0000000001F90000-memory.dmp

Filesize
64KB

Download
memory/4492-64-0x00000000020E0000-0x00000000020F0000-memory.dmp

Filesize
64KB

Download
memory/4492-57-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4492-59-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4492-66-0x0000000002100000-0x0000000002110000-memory.dmp

Filesize
64KB

Download
memory/4492-65-0x00000000020F0000-0x0000000002100000-memory.dmp

Filesize
64KB

Download
memory/4492-62-0x0000000001F70000-0x0000000001F80000-memory.dmp

Filesize
64KB

Download
memory/4492-122-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4492-60-0x0000000000540000-0x0000000000550000-memory.dmp

Filesize
64KB

Download
memory/4492-61-0x0000000001F60000-0x0000000001F70000-memory.dmp

Filesize
64KB

Download
memory/4496-3361-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4592-738-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4604-5130-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4624-1348-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4648-2446-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4744-2507-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4816-1836-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4880-4154-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4884-490-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4900-1409-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4980-1714-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/5056-3544-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/5112-2873-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download