60c837e01b02be312c1b1a1135d07fe3ced04e04c5390f7afe7b2f85cb233943

Analysis

max time kernel
81s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09-09-2024 23:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Size

282KB
MD5

d747f1d49e132eb6616747403592ab27
SHA1

4d0ab11be2827b300d2bc9b6c8450c098c060fd7
SHA256

60c837e01b02be312c1b1a1135d07fe3ced04e04c5390f7afe7b2f85cb233943
SHA512

2041151d38cd26142616f120f69671c98af03823bfc2d7b45f35e010110c25180a04c14656ef711fc52a668de2865dfb8ab846759fb5f0952a0ca86f137df28e
SSDEEP

6144:QCQfM0GU7vTAqHc0WSuzQbI7KZJUpmkLO8xiyQvs3Ccnt2j75LbGRXOk+lcjkrEi:wKM/KM7

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 64 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 8 wrote to memory of 212	8	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	86
PID 8 wrote to memory of 212	8	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	86
PID 8 wrote to memory of 212	8	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	86
PID 212 wrote to memory of 2408	212	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	87
PID 212 wrote to memory of 2408	212	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	87
PID 212 wrote to memory of 2408	212	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	87
PID 2408 wrote to memory of 4620	2408	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	88
PID 2408 wrote to memory of 4620	2408	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	88
PID 2408 wrote to memory of 4620	2408	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	88
PID 4620 wrote to memory of 1932	4620	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	89
PID 4620 wrote to memory of 1932	4620	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	89
PID 4620 wrote to memory of 1932	4620	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	89
PID 1932 wrote to memory of 3660	1932	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	90
PID 1932 wrote to memory of 3660	1932	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	90
PID 1932 wrote to memory of 3660	1932	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	90
PID 3660 wrote to memory of 4524	3660	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	91
PID 3660 wrote to memory of 4524	3660	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	91
PID 3660 wrote to memory of 4524	3660	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	91
PID 4524 wrote to memory of 3968	4524	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	92
PID 4524 wrote to memory of 3968	4524	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	92
PID 4524 wrote to memory of 3968	4524	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	92
PID 3968 wrote to memory of 4324	3968	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	93
PID 3968 wrote to memory of 4324	3968	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	93
PID 3968 wrote to memory of 4324	3968	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	93
PID 4324 wrote to memory of 3800	4324	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	94
PID 4324 wrote to memory of 3800	4324	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	94
PID 4324 wrote to memory of 3800	4324	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	94
PID 3800 wrote to memory of 2124	3800	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	95
PID 3800 wrote to memory of 2124	3800	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	95
PID 3800 wrote to memory of 2124	3800	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	95
PID 2124 wrote to memory of 2240	2124	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	96
PID 2124 wrote to memory of 2240	2124	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	96
PID 2124 wrote to memory of 2240	2124	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	96
PID 2240 wrote to memory of 3476	2240	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	97
PID 2240 wrote to memory of 3476	2240	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	97
PID 2240 wrote to memory of 3476	2240	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	97
PID 3476 wrote to memory of 3232	3476	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	98
PID 3476 wrote to memory of 3232	3476	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	98
PID 3476 wrote to memory of 3232	3476	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	98
PID 3232 wrote to memory of 1812	3232	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	99
PID 3232 wrote to memory of 1812	3232	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	99
PID 3232 wrote to memory of 1812	3232	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	99
PID 1812 wrote to memory of 4128	1812	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	102
PID 1812 wrote to memory of 4128	1812	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	102
PID 1812 wrote to memory of 4128	1812	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	102
PID 4128 wrote to memory of 2532	4128	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	103
PID 4128 wrote to memory of 2532	4128	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	103
PID 4128 wrote to memory of 2532	4128	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	103
PID 2532 wrote to memory of 2276	2532	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	104
PID 2532 wrote to memory of 2276	2532	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	104
PID 2532 wrote to memory of 2276	2532	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	104
PID 2276 wrote to memory of 4816	2276	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	135
PID 2276 wrote to memory of 4816	2276	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	135
PID 2276 wrote to memory of 4816	2276	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	135
PID 4816 wrote to memory of 1788	4816	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	106
PID 4816 wrote to memory of 1788	4816	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	106
PID 4816 wrote to memory of 1788	4816	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	106
PID 1788 wrote to memory of 1804	1788	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	107
PID 1788 wrote to memory of 1804	1788	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	107
PID 1788 wrote to memory of 1804	1788	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	107
PID 1804 wrote to memory of 1728	1804	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	109
PID 1804 wrote to memory of 1728	1804	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	109
PID 1804 wrote to memory of 1728	1804	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	109
PID 1728 wrote to memory of 5108	1728	d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe	111

C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:8
- C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
  2⤵
  - Checks computer location settings
  - Suspicious use of WriteProcessMemory
  PID:212
- - C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2408
  - - C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4620
    - - C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:1932
      - C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        7⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        8⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        9⤵
        Suspicious use of WriteProcessMemory
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        10⤵
        Suspicious use of WriteProcessMemory
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        11⤵
        Suspicious use of WriteProcessMemory
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        12⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        13⤵
        Suspicious use of WriteProcessMemory
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        14⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        15⤵
        Suspicious use of WriteProcessMemory
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        16⤵
        Suspicious use of WriteProcessMemory
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        17⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        18⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        19⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        20⤵
        Suspicious use of WriteProcessMemory
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        21⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        22⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        23⤵
        Checks computer location settings
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        24⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        25⤵
        
        PID:100
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        26⤵
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        27⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        28⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        29⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        30⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        31⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        32⤵
        Checks computer location settings
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        33⤵
        Checks computer location settings
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        34⤵
        System Location Discovery: System Language Discovery
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        35⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        36⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        37⤵
        Checks computer location settings
        
        PID:220
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        38⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        39⤵
        Checks computer location settings
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        40⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        41⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        42⤵
        System Location Discovery: System Language Discovery
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        43⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        44⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        45⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        46⤵
        Checks computer location settings
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        47⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        48⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        49⤵
        System Location Discovery: System Language Discovery
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        50⤵
        System Location Discovery: System Language Discovery
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        51⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        52⤵
        System Location Discovery: System Language Discovery
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        53⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        54⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        55⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        56⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        57⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        58⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        59⤵
        Checks computer location settings
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        60⤵
        Checks computer location settings
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        61⤵
        
        PID:472
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        62⤵
        System Location Discovery: System Language Discovery
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        63⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        64⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        65⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        66⤵
        Checks computer location settings
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        67⤵
        Checks computer location settings
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        68⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        69⤵
        System Location Discovery: System Language Discovery
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        70⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        71⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        72⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        73⤵
        System Location Discovery: System Language Discovery
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        74⤵
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        75⤵
        Checks computer location settings
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        76⤵
        System Location Discovery: System Language Discovery
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        77⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        78⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        79⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        80⤵
        Checks computer location settings
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        81⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        82⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        83⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        84⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        85⤵
        System Location Discovery: System Language Discovery
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        86⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        87⤵
        System Location Discovery: System Language Discovery
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        88⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        89⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        90⤵
        Checks computer location settings
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        91⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        92⤵
        Checks computer location settings
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        93⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        94⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        95⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        96⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        97⤵
        Checks computer location settings
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        98⤵
        System Location Discovery: System Language Discovery
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        99⤵
        System Location Discovery: System Language Discovery
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        100⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        101⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        102⤵
        System Location Discovery: System Language Discovery
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        103⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        104⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        105⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        106⤵
        System Location Discovery: System Language Discovery
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        107⤵
        Checks computer location settings
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        108⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        109⤵
        Checks computer location settings
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        110⤵
        Checks computer location settings
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        111⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        112⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        113⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        114⤵
        System Location Discovery: System Language Discovery
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        115⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        116⤵
        Checks computer location settings
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        117⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        118⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        119⤵
        System Location Discovery: System Language Discovery
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        120⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        121⤵
        System Location Discovery: System Language Discovery
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        122⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        123⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        124⤵
        Checks computer location settings
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        125⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        126⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        127⤵
        System Location Discovery: System Language Discovery
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        128⤵
        Checks computer location settings
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        129⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        130⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        131⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        132⤵
        Checks computer location settings
        
        PID:220
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        133⤵
        System Location Discovery: System Language Discovery
        
        PID:472
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        134⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        135⤵
        System Location Discovery: System Language Discovery
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        136⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        137⤵
        System Location Discovery: System Language Discovery
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        138⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        139⤵
        System Location Discovery: System Language Discovery
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        140⤵
        System Location Discovery: System Language Discovery
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        141⤵
        Checks computer location settings
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        142⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        143⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        144⤵
        System Location Discovery: System Language Discovery
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        145⤵
        
        PID:100
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        146⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        147⤵
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        148⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        149⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        150⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        151⤵
        Checks computer location settings
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        152⤵
        System Location Discovery: System Language Discovery
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        153⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        154⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        155⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        156⤵
        System Location Discovery: System Language Discovery
        
        PID:116
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        157⤵
        System Location Discovery: System Language Discovery
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        158⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        159⤵
        Checks computer location settings
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        160⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        161⤵
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        162⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        163⤵
        System Location Discovery: System Language Discovery
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        164⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        165⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        166⤵
        Checks computer location settings
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        167⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        168⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        169⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        170⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        171⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        172⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        173⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        174⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        175⤵
        System Location Discovery: System Language Discovery
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        176⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        177⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        178⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        179⤵
        Checks computer location settings
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        180⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        181⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        182⤵
        System Location Discovery: System Language Discovery
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        183⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        184⤵
        System Location Discovery: System Language Discovery
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        185⤵
        System Location Discovery: System Language Discovery
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        186⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        187⤵
        Checks computer location settings
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        188⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        189⤵
        Checks computer location settings
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        190⤵
        System Location Discovery: System Language Discovery
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        191⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        192⤵
        System Location Discovery: System Language Discovery
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        193⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        194⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        195⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        196⤵
        System Location Discovery: System Language Discovery
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        197⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        198⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        199⤵
        Checks computer location settings
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        200⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        201⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        202⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        203⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        204⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        205⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        206⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        207⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        208⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        209⤵
        System Location Discovery: System Language Discovery
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        210⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        211⤵
        System Location Discovery: System Language Discovery
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        212⤵
        Checks computer location settings
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        213⤵
        System Location Discovery: System Language Discovery
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        214⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        215⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        216⤵
        Checks computer location settings
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        217⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        218⤵
        Checks computer location settings
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        219⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        220⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        221⤵
        Checks computer location settings
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        222⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        223⤵
        System Location Discovery: System Language Discovery
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        224⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        225⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        226⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        227⤵
        Checks computer location settings
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        228⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        229⤵
        Checks computer location settings
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        230⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        231⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        232⤵
        System Location Discovery: System Language Discovery
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        233⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        234⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        235⤵
        Checks computer location settings
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        236⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        237⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        238⤵
        System Location Discovery: System Language Discovery
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        239⤵
        System Location Discovery: System Language Discovery
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        240⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        241⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        242⤵
        System Location Discovery: System Language Discovery
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        243⤵
        Checks computer location settings
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        244⤵
        System Location Discovery: System Language Discovery
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        245⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        246⤵
        Checks computer location settings
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        247⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        248⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        249⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        250⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        251⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        252⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        253⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        254⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        255⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        256⤵
        Checks computer location settings
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        257⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        258⤵
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        259⤵
        Checks computer location settings
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        260⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        261⤵
        Checks computer location settings
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        262⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        263⤵
        System Location Discovery: System Language Discovery
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        264⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        265⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        266⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        267⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        268⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        269⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        270⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        271⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        272⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        273⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        274⤵
        
        PID:416
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        275⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        276⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        277⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        278⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        279⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        280⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        281⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        282⤵
        
        PID:208
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        283⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        284⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        285⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        286⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        287⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        288⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        289⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        290⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        291⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        292⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        293⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        294⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        295⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        296⤵
        
        PID:32
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        297⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        298⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        299⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        300⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        301⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        302⤵
        
        PID:220
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        303⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        304⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        305⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        306⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        307⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        308⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        309⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        310⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        311⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        312⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        313⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        314⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        315⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        316⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        317⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        318⤵
        
        PID:228
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        319⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        320⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        321⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        322⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        323⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        324⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        325⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        326⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        327⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        328⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        329⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        330⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        331⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        332⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        333⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        334⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        335⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        336⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        337⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        338⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        339⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        340⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        341⤵
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        342⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        343⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        344⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        345⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        346⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        347⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        348⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        349⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        350⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        351⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        352⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        353⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        354⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        355⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        356⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        357⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        358⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        359⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        360⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        361⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        362⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        363⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        364⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        365⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        366⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        367⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        368⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        369⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        370⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        371⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        372⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        373⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        374⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        375⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        376⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        377⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        378⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        379⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        380⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        381⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        382⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        383⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        384⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        385⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        386⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        387⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        388⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        389⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        390⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        391⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        392⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        393⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        394⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        395⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        396⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        397⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        398⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        399⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        400⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        401⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        402⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        403⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        404⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        405⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        406⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        407⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        408⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        409⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        410⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        411⤵
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        412⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        413⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        414⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        415⤵
        
        PID:228
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        416⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        417⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        418⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        419⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        420⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        421⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        422⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        423⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        424⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        425⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        426⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        427⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        428⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        429⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        430⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        431⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        432⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        433⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        434⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        435⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        436⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        437⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        438⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        439⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        440⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        441⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        442⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        443⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        444⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        445⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        446⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        447⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        448⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        449⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        450⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        451⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        452⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        453⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        454⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        455⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        456⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        457⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        458⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        459⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        460⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        461⤵
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        462⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        463⤵
        
        PID:116
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        464⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        465⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        466⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        467⤵
        
        PID:472
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        468⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        469⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        470⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        471⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe"
        472⤵
        
        PID:764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\d747f1d49e132eb6616747403592ab27_JaffaCakes118.exe.log

Filesize
312B

MD5
6dba4702b346903da02f7dd9e839a128

SHA1
d69f255866f30a87c9eca8312d425c47059bf15e

SHA256
29d145faac0201870c39b9119894f78694a776e03fc8f79349bdf92e56a65bcd

SHA512
33afef187e806838717238881aaaf41272f8b484fcfe97a85057fd43a7eeb119df813d6023d2ee770aa22a067f7e9d532dd1c30b512f9c48b76f838615863e1d

Download Submit
memory/8-0-0x0000000074E22000-0x0000000074E23000-memory.dmp

Filesize
4KB

Download
memory/8-1-0x0000000074E20000-0x00000000753D1000-memory.dmp

Filesize
5.7MB

Download
memory/8-2-0x0000000074E20000-0x00000000753D1000-memory.dmp

Filesize
5.7MB

Download
memory/8-5-0x0000000074E20000-0x00000000753D1000-memory.dmp

Filesize
5.7MB

Download
memory/212-4-0x0000000074E20000-0x00000000753D1000-memory.dmp

Filesize
5.7MB

Download
memory/212-6-0x0000000074E20000-0x00000000753D1000-memory.dmp

Filesize
5.7MB

Download
memory/212-7-0x0000000074E20000-0x00000000753D1000-memory.dmp

Filesize
5.7MB

Download
memory/212-9-0x0000000074E20000-0x00000000753D1000-memory.dmp

Filesize
5.7MB

Download
memory/2408-10-0x0000000074E20000-0x00000000753D1000-memory.dmp

Filesize
5.7MB

Download
memory/2408-11-0x0000000074E20000-0x00000000753D1000-memory.dmp

Filesize
5.7MB

Download
memory/2408-12-0x0000000074E20000-0x00000000753D1000-memory.dmp

Filesize
5.7MB

Download