137cc20abd49dfc1d858183e47c0ac02cb2e52eb970a36e21461792348b3bbc5

Analysis

max time kernel
26s
max time network
128s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
28-08-2024 18:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Size

493KB
MD5

c772e73c275f0ebf16b772539188dd53
SHA1

0dce12f9887b3e4ac11f1459624e450c455fa4cc
SHA256

137cc20abd49dfc1d858183e47c0ac02cb2e52eb970a36e21461792348b3bbc5
SHA512

f93dd548b5b5995a230329d2e31cc7f54b5ab99c41529be3ca5cb05994f0999640bff8c0bf8d579bad2f7d6094fd88d5b62b4fa06bad89c7bbb98f3e1d386e2f
SSDEEP

12288:zXCNi9BipT7m/f1fBt85q5dL/GLxHyb51kmxBtrpB:2Wy7m/dfOIMLxH4smFz

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File opened (read-only)	\??\K:	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File opened (read-only)	\??\P:	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File opened (read-only)	\??\Y:	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File opened (read-only)	\??\Z:	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File opened (read-only)	\??\Q:	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File opened (read-only)	\??\U:	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File opened (read-only)	\??\V:	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File opened (read-only)	\??\R:	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File opened (read-only)	\??\T:	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File opened (read-only)	\??\W:	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File opened (read-only)	\??\A:	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File opened (read-only)	\??\B:	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File opened (read-only)	\??\H:	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File opened (read-only)	\??\J:	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File opened (read-only)	\??\N:	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File opened (read-only)	\??\X:	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File opened (read-only)	\??\S:	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File opened (read-only)	\??\G:	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File opened (read-only)	\??\I:	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File opened (read-only)	\??\L:	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File opened (read-only)	\??\M:	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File opened (read-only)	\??\O:	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\System32\LogFiles\Fax\Incoming\action several models vagina stockings .mpg.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\config\systemprofile\canadian porn masturbation leather .zip.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\FxsTmp\italian cum [milf] 50+ .zip.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\config\systemprofile\indian beastiality handjob masturbation .avi.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\malaysia bukkake hot (!) (Gina).rar.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\Temp\gay [milf] vagina .rar.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\FxsTmp\african gang bang xxx lesbian glans .zip.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\shared\animal animal masturbation .mpeg.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\shared\swedish gay sleeping lady .rar.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\swedish beast action hot (!) feet (Tatjana,Janette).mpeg.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\spanish gay lesbian lesbian (Sarah,Samantha).mpeg.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\porn nude lesbian titts .zip.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\gay [bangbus] lady .zip.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Update\Download\french hardcore blowjob catfight (Tatjana).mpg.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\russian horse voyeur .mpeg.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\beast gay masturbation pregnant (Sonja).zip.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\italian sperm sleeping nipples .mpeg.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Temp\african bukkake handjob [milf] .rar.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Program Files\Windows Journal\Templates\american action lesbian sleeping legs stockings .avi.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\british fucking handjob public cock femdom .rar.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\russian sperm [milf] glans beautyfull (Britney,Ashley).avi.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\russian fucking uncut titts .mpg.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\tyrkish lesbian porn uncut .mpeg.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\malaysia fetish catfight mistress .avi.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\spanish horse girls .mpg.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\cumshot hidden traffic .rar.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\trambling bukkake hidden swallow .mpg.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\black cum big (Curtney,Tatjana).zip.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\trambling uncut .mpg.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\brasilian nude lesbian ejaculation .zip.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\SoftwareDistribution\Download\malaysia porn cum catfight boots .zip.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\russian gang bang masturbation ash penetration .mpeg.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\black gang bang handjob masturbation hole femdom .rar.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\lingerie sperm [milf] glans latex (Sandy).mpeg.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\blowjob fucking several models (Liz,Melissa).avi.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\british trambling cumshot lesbian balls (Sonja,Tatjana).mpg.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\black cum girls nipples (Sandy).zip.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\malaysia kicking beastiality hot (!) legs .rar.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\lesbian cum sleeping (Liz,Kathrin).avi.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\handjob [bangbus] titts beautyfull .zip.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\german fetish [free] cock .rar.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\british fucking lesbian sleeping glans (Jade,Liz).rar.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\british bukkake fucking [bangbus] hole .mpeg.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\italian handjob action sleeping granny (Jade).zip.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\chinese gang bang full movie (Tatjana).mpeg.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\handjob nude [bangbus] (Anniston,Sandy).rar.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\kicking [milf] castration .mpg.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\african xxx public nipples 50+ .rar.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\fucking catfight titts hairy (Britney,Melissa).mpeg.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\gang bang nude licking .zip.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\brasilian beast [milf] ash redhair .rar.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\horse horse girls high heels (Christine,Sandy).mpeg.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\sperm hardcore several models vagina mistress (Christine,Ashley).zip.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\bukkake fetish [bangbus] hotel (Curtney).zip.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\asian horse hot (!) .zip.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\american cum several models nipples black hairunshaved (Sandy,Jade).avi.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\danish kicking nude public .mpg.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\japanese hardcore lesbian hairy .avi.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\british gay [bangbus] blondie (Britney).rar.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\indian horse [bangbus] .mpg.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\PLA\Templates\fucking sleeping (Sandy,Gina).mpg.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\beast several models castration .mpg.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\norwegian porn handjob catfight upskirt (Melissa).zip.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\russian cum [free] stockings .avi.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\horse licking beautyfull (Janette).avi.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\japanese nude sleeping young (Sonja,Curtney).mpg.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\russian cum bukkake [free] boobs boots .zip.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\gay sperm sleeping young .mpg.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\animal full movie .mpeg.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\lesbian trambling uncut traffic .zip.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\horse sleeping boobs YEâPSè& .rar.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\nude beast hot (!) girly .avi.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\japanese beast animal [free] ejaculation .rar.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\black beastiality cum sleeping gorgeoushorny .rar.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\beastiality several models .zip.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\malaysia bukkake horse [bangbus] vagina .mpeg.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\american handjob sleeping vagina balls .mpeg.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\french hardcore xxx hot (!) .mpg.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\french porn hardcore licking (Sonja,Kathrin).mpeg.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\german nude hot (!) cock femdom .rar.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\gang bang [bangbus] mistress .mpeg.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\brasilian handjob kicking girls vagina .rar.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\chinese beastiality gang bang full movie vagina hotel .zip.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\trambling fucking [bangbus] nipples balls (Samantha,Christine).mpeg.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\assembly\tmp\fucking gang bang full movie .mpg.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\beastiality animal sleeping sm (Sonja).mpeg.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\italian porn horse hot (!) balls (Jade,Gina).avi.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\horse several models boobs .rar.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\indian lingerie cum full movie .rar.exe	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1756	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
2812	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
1756	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
2540	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
2632	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
2812	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
1756	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
2192	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
2864	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
2852	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
2540	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
2632	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
2568	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
2812	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
1756	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
2836	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
2688	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
2596	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
2192	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
896	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
2864	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
760	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
2632	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
2680	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
332	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
2852	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
1912	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
2568	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
2812	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
2540	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
1756	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
2276	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
1644	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
1128	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
2836	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
2688	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
2192	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
2252	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
2204	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
2204	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
2864	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
2864	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
2132	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
2132	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
1900	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
1900	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
2632	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
2868	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
2868	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
2632	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
2596	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
2596	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
292	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
292	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
1300	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
1300	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
1480	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
1480	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
760	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
760	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
2852	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
2852	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
736	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
736	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1756 wrote to memory of 2812	1756	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	30
PID 1756 wrote to memory of 2812	1756	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	30
PID 1756 wrote to memory of 2812	1756	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	30
PID 1756 wrote to memory of 2812	1756	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	30
PID 2812 wrote to memory of 2540	2812	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	31
PID 2812 wrote to memory of 2540	2812	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	31
PID 2812 wrote to memory of 2540	2812	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	31
PID 2812 wrote to memory of 2540	2812	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	31
PID 1756 wrote to memory of 2632	1756	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	32
PID 1756 wrote to memory of 2632	1756	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	32
PID 1756 wrote to memory of 2632	1756	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	32
PID 1756 wrote to memory of 2632	1756	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	32
PID 2540 wrote to memory of 2192	2540	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	33
PID 2540 wrote to memory of 2192	2540	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	33
PID 2540 wrote to memory of 2192	2540	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	33
PID 2540 wrote to memory of 2192	2540	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	33
PID 2632 wrote to memory of 2864	2632	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	34
PID 2632 wrote to memory of 2864	2632	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	34
PID 2632 wrote to memory of 2864	2632	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	34
PID 2632 wrote to memory of 2864	2632	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	34
PID 2812 wrote to memory of 2852	2812	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	35
PID 2812 wrote to memory of 2852	2812	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	35
PID 2812 wrote to memory of 2852	2812	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	35
PID 2812 wrote to memory of 2852	2812	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	35
PID 1756 wrote to memory of 2568	1756	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	36
PID 1756 wrote to memory of 2568	1756	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	36
PID 1756 wrote to memory of 2568	1756	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	36
PID 1756 wrote to memory of 2568	1756	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	36
PID 2192 wrote to memory of 2836	2192	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	37
PID 2192 wrote to memory of 2836	2192	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	37
PID 2192 wrote to memory of 2836	2192	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	37
PID 2192 wrote to memory of 2836	2192	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	37
PID 2864 wrote to memory of 2688	2864	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	38
PID 2864 wrote to memory of 2688	2864	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	38
PID 2864 wrote to memory of 2688	2864	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	38
PID 2864 wrote to memory of 2688	2864	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	38
PID 2852 wrote to memory of 2596	2852	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	39
PID 2852 wrote to memory of 2596	2852	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	39
PID 2852 wrote to memory of 2596	2852	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	39
PID 2852 wrote to memory of 2596	2852	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	39
PID 2632 wrote to memory of 896	2632	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	40
PID 2632 wrote to memory of 896	2632	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	40
PID 2632 wrote to memory of 896	2632	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	40
PID 2632 wrote to memory of 896	2632	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	40
PID 2568 wrote to memory of 760	2568	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	42
PID 2568 wrote to memory of 760	2568	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	42
PID 2568 wrote to memory of 760	2568	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	42
PID 2568 wrote to memory of 760	2568	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	42
PID 2812 wrote to memory of 2680	2812	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	41
PID 2812 wrote to memory of 2680	2812	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	41
PID 2812 wrote to memory of 2680	2812	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	41
PID 2812 wrote to memory of 2680	2812	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	41
PID 2540 wrote to memory of 332	2540	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	43
PID 2540 wrote to memory of 332	2540	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	43
PID 2540 wrote to memory of 332	2540	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	43
PID 2540 wrote to memory of 332	2540	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	43
PID 1756 wrote to memory of 1912	1756	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	44
PID 1756 wrote to memory of 1912	1756	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	44
PID 1756 wrote to memory of 1912	1756	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	44
PID 1756 wrote to memory of 1912	1756	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	44
PID 2836 wrote to memory of 2276	2836	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	45
PID 2836 wrote to memory of 2276	2836	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	45
PID 2836 wrote to memory of 2276	2836	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	45
PID 2836 wrote to memory of 2276	2836	c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe	45

C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2812
- - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2540
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        9⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        10⤵
        
        PID:10572
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        11⤵
        
        PID:23732
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        10⤵
        
        PID:15200
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        9⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        9⤵
        
        PID:15268
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        9⤵
        
        PID:14712
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        9⤵
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        9⤵
        
        PID:12348
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        9⤵
        
        PID:22952
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        9⤵
        
        PID:16648
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:11424
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        9⤵
        
        PID:23608
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:23764
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        9⤵
        
        PID:11440
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        9⤵
        
        PID:23856
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:15432
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:13640
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:9232
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        9⤵
        
        PID:22928
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:10880
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:20868
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:20852
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:11808
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:21128
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        9⤵
        
        PID:11016
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        9⤵
        
        PID:18628
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        9⤵
        
        PID:18652
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:15036
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:14924
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        9⤵
        
        PID:23656
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:12264
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:21220
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:20804
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:11764
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:21080
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:11672
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:21452
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:17512
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:16640
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:9740
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:23584
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:15220
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:14460
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:21008
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:14900
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        9⤵
        
        PID:11288
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        9⤵
        
        PID:23816
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:15020
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:14732
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:9652
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        9⤵
        
        PID:20564
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:20820
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:15972
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:11772
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:21324
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:20472
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:23632
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:15028
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:14748
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:9564
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:10620
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:20748
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:18596
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:12240
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:23408
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1860
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:11260
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        9⤵
        
        PID:12204
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:20604
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:15004
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:14728
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:9544
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:18812
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:14688
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:15260
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:11844
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:21032
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3596
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:11368
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:23772
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:18276
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:15288
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:14500
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:9532
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:23716
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:18252
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:7520
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:18588
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:12216
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:23124
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:332
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:376
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:9008
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        9⤵
        
        PID:13924
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        9⤵
        
        PID:24320
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:15988
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:20828
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:20628
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:14364
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:13632
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:15092
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:18620
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:10748
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:21764
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:23132
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:3308
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:23616
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:12032
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:18532
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:20336
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:11072
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:20464
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:4652
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:8124
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:15232
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:15416
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:6832
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:17528
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:10924
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:23164
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:736
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:1100
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:20976
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:14948
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:14528
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:14296
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:13196
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:10396
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:20448
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4316
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:20524
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:12364
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:21372
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:6576
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:14892
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:14608
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:9840
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:15060
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:14196
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3136
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:4836
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:18708
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:15936
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:7024
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:18244
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:11132
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:21048
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4432
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:7924
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:18548
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:12372
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:23312
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:6672
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:14908
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:15332
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:10328
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:23624
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:23052
- - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2852
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2596
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        9⤵
        
        PID:14272
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        9⤵
        
        PID:11240
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:21348
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:11104
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:20580
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:8424
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:18668
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:15296
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:14560
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:14956
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:14704
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:9472
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:20532
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:10868
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:21784
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:20676
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:22944
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:15084
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:14612
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:21356
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:12232
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:21444
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:15712
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:9572
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:20756
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4048
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:13964
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:11392
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:10412
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:21056
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:6024
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:11740
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:20876
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:9064
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:12340
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:23244
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:2824
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:16664
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:11756
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:18260
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:15424
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:14696
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:9588
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:20508
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:4040
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:15696
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:10320
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:23060
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:5896
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:11272
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:20724
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:8864
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:21756
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:15944
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2536
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4304
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:12112
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:20740
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:12256
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:20892
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:6584
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:10300
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:20812
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:10492
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:23148
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4144
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:7616
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:19948
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:12168
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:21096
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:6420
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:14312
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:12020
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:10312
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:22884
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:21364
- - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:3204
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:12860
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:14980
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:14800
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:17048
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:18524
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:11460
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:23808
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:4588
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:23724
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:15108
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:14520
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:18732
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:10612
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:20692
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3300
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:5116
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:23692
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:12296
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:20732
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:7256
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:14884
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:14720
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:11340
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:22876
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:23756
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:4688
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:8368
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:15440
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:6856
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:18508
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:10932
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:22920
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:23464
- - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:292
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:4216
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:21332
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:12176
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:20908
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:6540
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:14328
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:13284
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:10336
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:23092
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3404
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:7056
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:21136
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:11252
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:23360
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:6192
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:11708
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:21040
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:9480
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:23368
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:18684
- - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
    3⤵
    PID:796
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:4664
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:8324
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:18756
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:14972
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:14808
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:6824
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:20788
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:10728
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:23700
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:20772
- - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
    3⤵
    PID:4404
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:7868
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:21340
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:14280
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:11236
- - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
    3⤵
    PID:6656
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:12840
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:23156
- - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
    3⤵
    PID:10388
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:23832
- - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
    3⤵
    PID:20700
- C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2632
- - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2864
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1128
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        9⤵
        
        PID:11408
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        9⤵
        
        PID:23824
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:8664
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        9⤵
        
        PID:18572
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:15500
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:9460
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        9⤵
        
        PID:23204
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:20516
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:21836
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:12248
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:23116
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:11056
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        9⤵
        
        PID:15120
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:20572
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:18740
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:15452
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:9520
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:20500
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:13908
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:13900
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:11832
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:21104
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:1780
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:11696
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:20844
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:15248
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:16452
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:10624
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:22896
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:20660
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:8208
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:15100
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:15376
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:11384
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:20796
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:18724
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:15516
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5204
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:17504
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:12272
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:21112
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:7480
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:18644
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:11780
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:21120
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2252
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:11728
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:21316
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:9192
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:12280
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:20900
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:23648
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:23328
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:8416
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:15468
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3748
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:11680
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:19964
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:23748
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:15928
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5372
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:23680
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:14996
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:14764
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:8004
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:14380
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:13200
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:12848
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:15012
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:14784
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:820
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3932
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:14304
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:11192
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:18660
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:21236
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:5632
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:11112
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:21064
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:8440
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:18516
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:15492
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3788
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:5992
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:11228
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:23236
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:20652
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:8980
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:14252
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:15980
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:5428
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:10760
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:14524
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:23336
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:8200
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:20588
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:15076
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:14476
- - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:896
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1480
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:13956
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:24824
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:12316
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:23108
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:13916
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:24336
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:9748
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:14964
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:14248
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:4152
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:21812
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:11796
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:20484
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:6400
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:13932
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:24312
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:9660
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:21652
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:4772
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:20492
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:15508
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:6968
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:20836
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:10916
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:23576
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:23800
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4396
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:7892
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:19940
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:15276
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:14200
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:6648
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:14320
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:24328
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:10380
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:20620
- - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2204
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:1044
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:3840
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:12056
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:21144
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:9304
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:23740
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:12324
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:23320
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:5564
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:11280
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:23344
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:8384
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:15304
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:14484
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3796
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:6088
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:13016
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:3028
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:9312
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:12332
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:23252
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:5540
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:10892
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:20716
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:8376
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:18692
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:15484
- - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
    3⤵
    PID:1672
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3420
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:7200
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:16656
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:11064
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:20556
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:6332
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:15476
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:9692
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:18780
- - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
    3⤵
    PID:3992
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:6492
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:14352
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:13300
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:9724
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:21796
- - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
    3⤵
    PID:5672
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:11660
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:20884
- - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
    3⤵
    PID:8504
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:18700
- - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
    3⤵
    PID:15068
- - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
    3⤵
    PID:14756
- C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2568
- - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:760
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1900
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3032
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        8⤵
        
        PID:18604
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:11332
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:23840
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:14288
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:13588
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:18716
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:23076
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4016
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:15768
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:9676
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:21072
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:5696
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:11352
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:24132
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:8544
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:15460
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4232
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:12084
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:18676
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:12224
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:23068
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:6520
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:14372
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:14228
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:9684
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:20456
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:20860
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4124
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:7372
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:18580
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:11088
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:20764
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:6360
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:14876
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:9580
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:23212
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:18612
- - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1300
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2548
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:4252
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:23084
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:12156
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:20668
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:6528
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:12920
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:24300
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:10404
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:21776
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:20984
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:7424
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:13948
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:11308
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:23456
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:14868
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:11404
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:9632
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:20548
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:21496
- - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:580
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4696
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:8344
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:20540
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:15044
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:14792
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:6880
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:17520
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:10908
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:23352
- - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4388
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:7856
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:20032
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:12912
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:14916
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:14776
- - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
    3⤵
    PID:6624
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:12936
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:14184
- - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
    3⤵
    PID:10292
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:23592
- - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
    3⤵
    PID:21088
- C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:1912
- - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
    3⤵
    PID:684
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3260
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5056
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:13152
        
        C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        7⤵
        
        PID:11748
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:16324
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:7232
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:13940
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:11304
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:11416
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:23780
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:8024
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:12872
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:20596
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:6784
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:18564
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:10720
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:20644
- - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
    3⤵
    PID:3292
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:5108
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:9164
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:12356
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:23304
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:7224
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:18556
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:11080
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:20708
- - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
    3⤵
    PID:4644
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:8092
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:15052
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:14744
- - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
    3⤵
    PID:6808
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:18804
- - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
    3⤵
    PID:10736
- - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
    3⤵
    PID:20636
- C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:560
- - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3148
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:4936
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:8928
      - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        6⤵
        
        PID:14856
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:21152
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:7128
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:18540
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:11452
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:23600
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:23848
- - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
    3⤵
    PID:4472
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:7940
    - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
        5⤵
        
        PID:19932
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:12064
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:18268
- - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
    3⤵
    PID:6664
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:14988
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:13752
- - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
    3⤵
    PID:10468
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:23708
- - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
    3⤵
    PID:23100
- C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3176
- - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
    3⤵
    PID:5000
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:8956
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:15964
- - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
    3⤵
    PID:7140
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:20436
- - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
    3⤵
    PID:11144
- - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
    3⤵
    PID:20612
- C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
  2⤵
  PID:4564
- - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
    3⤵
    PID:7996
- - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
    3⤵
    PID:12928
- - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
    3⤵
    PID:20684
- C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
  2⤵
  PID:6736
- - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
    3⤵
    PID:10372
  - - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
      4⤵
      PID:23640
- - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
    3⤵
    PID:18748
- C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
  2⤵
  PID:10832
- - C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
    3⤵
    PID:15584
- C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\c772e73c275f0ebf16b772539188dd53_JaffaCakes118.exe"
  2⤵
  PID:23140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\beast gay masturbation pregnant (Sonja).zip.exe

Filesize
157KB

MD5
a598d23dd3ff149d93afe7c3ba00f6a6

SHA1
c4116f6abeb87dfa774fbcbde668001741471b2e

SHA256
e183b386fa9e76e2e7a9bd60fd3c59a8ecaa59b4d46ad3b45ec6053950f104f1

SHA512
80934720c0286ba8b698314666cd113b4458e0b435f6250b5a738eac775f701e2756c3ee6e0781de968817f08b303f2a3715491b46addfdbcfe6178127aa9df2

Download Submit
C:\debug.txt

Filesize
183B

MD5
546c04daa32655354e5501f06241df45

SHA1
f3e67fab036eca4a40d227675334bf149f6f63fc

SHA256
ce93611b5a1f3f20ad987ea1acffc07a0cfdc77067c5fdd46c043f49935c6a03

SHA512
362b79c2c938b70682c04891dccf0ced00301966d73691f935eb5a0d43332ddedc212de29aa37869f104dbd00ebc394b391830d47e45ae93781587b40dd1b972

Download Submit