1ac23e1f5068debd10fc32455b4404bf45207e19e8cbbd158c6582c8d20574bc

Analysis

max time kernel
29s
max time network
154s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30/09/2024, 23:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Size

191KB
MD5

03ad8207112a52104de7990a5c4a8679
SHA1

fd910356f4beebfeaa854c2f78664ea768ec139d
SHA256

1ac23e1f5068debd10fc32455b4404bf45207e19e8cbbd158c6582c8d20574bc
SHA512

732378b2e4632bd2c0205d0e2ace43f4ba00fc368c40effeb629600973f3c88abdcae7db5d358805ca556f78fa55c2b11adf9a21214813ac30a8931840fbc6aa
SSDEEP

3072:n/na6WDmrZ5Cn79xvlr2xmOJ5wUuWXcfb0hw7IACb873684yVcx566/znzVT8IKk:n/nuDm9knmhJ4/sMLuO6/zdG9a

Score

8^/10

discovery

Malware Config

Signatures

Drops file in Drivers directory 48 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe

Drops file in System32 directory 48 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 48 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78958891-6862-3318-7895-686227250099}\Instance\InitPropertyBag\CLSID = "{13709620-C279-11CE-A49E-444553540000}"	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\Shellex\ContextMenuHandlers\ieframe	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78958891-6862-3318-7895-686227250099}\InProcServer32\ThreadingModel = "Apartment"	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\Shellex\ContextMenuHandlers	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78958891-6862-3318-7895-686227250099}\Instance	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\Shellex\ContextMenuHandlers	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shellex\ContextMenuHandlers\ieframe	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shellex\ContextMenuHandlers\ieframe	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78958891-6862-3318-7895-686227250099}\shellex\MayChangeDefaultMenu\	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78958891-6862-3318-7895-686227250099}\Instance\InitPropertyBag\Param2 = "%ProgramFiles(x86)%\\Internet Explorer\\iexplore.exe"	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\Shellex\ContextMenuHandlers\ieframe	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78958891-6862-3318-7895-686227250099}\InProcServer32\ThreadingModel = "Apartment"	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78958891-6862-3318-7895-686227250099}\Instance\InitPropertyBag\CLSID = "{13709620-C279-11CE-A49E-444553540000}"	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shellex\ContextMenuHandlers\ieframe	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78958891-6862-3318-7895-686227250099}\Instance	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78958891-6862-3318-7895-686227250099}\Instance\CLSID = "{3f454f0e-42ae-4d7c-8ea3-328250d6e272}"	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78958891-6862-3318-7895-686227250099}\Instance\InitPropertyBag\Param1 = "http://%77%77%77%2e%37%34%30%30%2e%6e%65%74"	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shellex	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78958891-6862-3318-7895-686227250099}\shellex\MayChangeDefaultMenu	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shellex	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78958891-6862-3318-7895-686227250099}\Instance\InitPropertyBag\method = "ShellExecute"	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78958891-6862-3318-7895-686227250099}\Instance\InitPropertyBag\command = "´ò¿ªÖ÷Ò³"	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78958891-6862-3318-7895-686227250099}\shellex\MayChangeDefaultMenu\	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78958891-6862-3318-7895-686227250099}\InProcServer32\ThreadingModel = "Apartment"	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\Shellex\ContextMenuHandlers\ieframe	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\Shellex\ContextMenuHandlers	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shellex	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78958891-6862-3318-7895-686227250099}\Instance\InitPropertyBag\method = "ShellExecute"	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78958891-6862-3318-7895-686227250099}\shellex\MayChangeDefaultMenu	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78958891-6862-3318-7895-686227250099}\Instance\InitPropertyBag	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\Shellex\ContextMenuHandlers	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78958891-6862-3318-7895-686227250099}\Instance\InitPropertyBag\Param2 = "%ProgramFiles(x86)%\\Internet Explorer\\iexplore.exe"	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78958891-6862-3318-7895-686227250099}\Instance\InitPropertyBag	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78958891-6862-3318-7895-686227250099}\Instance\InitPropertyBag\Param2 = "%ProgramFiles(x86)%\\Internet Explorer\\iexplore.exe"	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78958891-6862-3318-7895-686227250099}\InProcServer32\ThreadingModel = "Apartment"	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shellex\ContextMenuHandlers\ieframe	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78958891-6862-3318-7895-686227250099}\Instance\InitPropertyBag\command = "´ò¿ªÖ÷Ò³"	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shellex\ContextMenuHandlers\ieframe	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\Shellex\ContextMenuHandlers	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78958891-6862-3318-7895-686227250099}\InProcServer32\ = "%SystemRoot%\\SysWow64\\shdocvw.dll"	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shellex\ContextMenuHandlers\ieframe	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78958891-6862-3318-7895-686227250099}\Instance	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78958891-6862-3318-7895-686227250099}\Instance\InitPropertyBag\CLSID = "{13709620-C279-11CE-A49E-444553540000}"	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78958891-6862-3318-7895-686227250099}\shellex\MayChangeDefaultMenu\	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78958891-6862-3318-7895-686227250099}\InProcServer32\ = "%SystemRoot%\\SysWow64\\shdocvw.dll"	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78958891-6862-3318-7895-686227250099}\shellex\MayChangeDefaultMenu\	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78958891-6862-3318-7895-686227250099}\InProcServer32	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78958891-6862-3318-7895-686227250099}\Instance\CLSID = "{3f454f0e-42ae-4d7c-8ea3-328250d6e272}"	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shellex\ContextMenuHandlers\ieframe	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78958891-6862-3318-7895-686227250099}\Instance\CLSID = "{3f454f0e-42ae-4d7c-8ea3-328250d6e272}"	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78958891-6862-3318-7895-686227250099}\Instance	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78958891-6862-3318-7895-686227250099}\Instance\InitPropertyBag	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78958891-6862-3318-7895-686227250099}\Instance\InitPropertyBag\Param2 = "%ProgramFiles(x86)%\\Internet Explorer\\iexplore.exe"	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78958891-6862-3318-7895-686227250099}\shellex\MayChangeDefaultMenu	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2700 wrote to memory of 3008	2700	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	32
PID 2700 wrote to memory of 3008	2700	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	32
PID 2700 wrote to memory of 3008	2700	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	32
PID 2700 wrote to memory of 3008	2700	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	32
PID 3008 wrote to memory of 1992	3008	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	33
PID 3008 wrote to memory of 1992	3008	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	33
PID 3008 wrote to memory of 1992	3008	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	33
PID 3008 wrote to memory of 1992	3008	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	33
PID 1992 wrote to memory of 2348	1992	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	34
PID 1992 wrote to memory of 2348	1992	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	34
PID 1992 wrote to memory of 2348	1992	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	34
PID 1992 wrote to memory of 2348	1992	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	34
PID 2348 wrote to memory of 1988	2348	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	35
PID 2348 wrote to memory of 1988	2348	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	35
PID 2348 wrote to memory of 1988	2348	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	35
PID 2348 wrote to memory of 1988	2348	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	35
PID 1988 wrote to memory of 2016	1988	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	37
PID 1988 wrote to memory of 2016	1988	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	37
PID 1988 wrote to memory of 2016	1988	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	37
PID 1988 wrote to memory of 2016	1988	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	37
PID 2016 wrote to memory of 2088	2016	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	38
PID 2016 wrote to memory of 2088	2016	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	38
PID 2016 wrote to memory of 2088	2016	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	38
PID 2016 wrote to memory of 2088	2016	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	38
PID 2088 wrote to memory of 2996	2088	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	39
PID 2088 wrote to memory of 2996	2088	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	39
PID 2088 wrote to memory of 2996	2088	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	39
PID 2088 wrote to memory of 2996	2088	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	39
PID 2996 wrote to memory of 968	2996	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	40
PID 2996 wrote to memory of 968	2996	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	40
PID 2996 wrote to memory of 968	2996	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	40
PID 2996 wrote to memory of 968	2996	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	40
PID 968 wrote to memory of 1008	968	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	41
PID 968 wrote to memory of 1008	968	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	41
PID 968 wrote to memory of 1008	968	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	41
PID 968 wrote to memory of 1008	968	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	41
PID 1008 wrote to memory of 1512	1008	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	42
PID 1008 wrote to memory of 1512	1008	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	42
PID 1008 wrote to memory of 1512	1008	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	42
PID 1008 wrote to memory of 1512	1008	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	42
PID 1512 wrote to memory of 1692	1512	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	43
PID 1512 wrote to memory of 1692	1512	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	43
PID 1512 wrote to memory of 1692	1512	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	43
PID 1512 wrote to memory of 1692	1512	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	43
PID 1692 wrote to memory of 1732	1692	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	44
PID 1692 wrote to memory of 1732	1692	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	44
PID 1692 wrote to memory of 1732	1692	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	44
PID 1692 wrote to memory of 1732	1692	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	44
PID 1732 wrote to memory of 2884	1732	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	45
PID 1732 wrote to memory of 2884	1732	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	45
PID 1732 wrote to memory of 2884	1732	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	45
PID 1732 wrote to memory of 2884	1732	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	45
PID 2884 wrote to memory of 2964	2884	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	46
PID 2884 wrote to memory of 2964	2884	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	46
PID 2884 wrote to memory of 2964	2884	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	46
PID 2884 wrote to memory of 2964	2884	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	46
PID 2964 wrote to memory of 1236	2964	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	47
PID 2964 wrote to memory of 1236	2964	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	47
PID 2964 wrote to memory of 1236	2964	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	47
PID 2964 wrote to memory of 1236	2964	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	47
PID 1236 wrote to memory of 2560	1236	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	48
PID 1236 wrote to memory of 2560	1236	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	48
PID 1236 wrote to memory of 2560	1236	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	48
PID 1236 wrote to memory of 2560	1236	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	48

C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2700
- C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
  2⤵
  - Drops file in Drivers directory
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:3008
- - C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
    3⤵
    - Drops file in Drivers directory
    - Drops file in System32 directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:1992
  - - C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
      4⤵
      Drops file in Drivers directory
      Drops file in System32 directory
      System Location Discovery: System Language Discovery
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        5⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        6⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        7⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        8⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        9⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        10⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        11⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        12⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        13⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        14⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        15⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        16⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        17⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        18⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        19⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        20⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        21⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        22⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        23⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        24⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        25⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        26⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        27⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        28⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        29⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        30⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        31⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        32⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        33⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        34⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        35⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        36⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        37⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        38⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        39⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        40⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        41⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        42⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        43⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        44⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        45⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        46⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        47⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        48⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        49⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        50⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        51⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        52⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        53⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        54⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        55⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        56⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        57⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        58⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        59⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        60⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        61⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        62⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        63⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        64⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        65⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        66⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        67⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        68⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        69⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        70⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        71⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        72⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        73⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        74⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        75⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        76⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        77⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        78⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        79⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        80⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        81⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        82⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        83⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        84⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        85⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        86⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        87⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        88⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        89⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        90⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        91⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        92⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        93⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        94⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        95⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        96⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        97⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        98⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        99⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        100⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        101⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        102⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        103⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        104⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        105⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        106⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        107⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        108⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        109⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        110⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        111⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        112⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        113⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        114⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        115⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        116⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        117⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        118⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        119⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        120⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        121⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        122⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        123⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        124⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        125⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        126⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        127⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        128⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        129⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        130⤵
        
        PID:8236
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        131⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        132⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        133⤵
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        134⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        135⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        136⤵
        
        PID:8792
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        137⤵
        
        PID:8888
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        138⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        139⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        140⤵
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        141⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        142⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        143⤵
        
        PID:8500
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        144⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        145⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        146⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        147⤵
        
        PID:9036
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        148⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        149⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        150⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        151⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        152⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        153⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        154⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        155⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        156⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        157⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        158⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        159⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        160⤵
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        161⤵
        
        PID:9356
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        162⤵
        
        PID:9440
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        163⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        164⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        165⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        166⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        167⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        168⤵
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        169⤵
        
        PID:10040
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        170⤵
        
        PID:10124
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        171⤵
        
        PID:10204
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        172⤵
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        173⤵
        
        PID:9472
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        174⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        175⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        176⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        177⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        178⤵
        
        PID:9228
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        179⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        180⤵
        
        PID:9868
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        181⤵
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        182⤵
        
        PID:9740
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        183⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        184⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        185⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        186⤵
        
        PID:10272
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        187⤵
        
        PID:10352
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        188⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        189⤵
        
        PID:10532
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        190⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        191⤵
        
        PID:10712
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        192⤵
        
        PID:10788
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        193⤵
        
        PID:10888
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        194⤵
        
        PID:10968
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        195⤵
        
        PID:11056
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        196⤵
        
        PID:11140
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        197⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        198⤵
        
        PID:10324
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        199⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        200⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        201⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        202⤵
        
        PID:10876
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        203⤵
        
        PID:11024
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        204⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        205⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        206⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        207⤵
        
        PID:10964
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        208⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        209⤵
        
        PID:10684
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        210⤵
        
        PID:10872
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        211⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        212⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        213⤵
        
        PID:11316
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        214⤵
        
        PID:11448
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        215⤵
        
        PID:11548
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        216⤵
        
        PID:11620
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        217⤵
        
        PID:11708
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        218⤵
        
        PID:11804
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        219⤵
        
        PID:11884
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        220⤵
        
        PID:11984
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        221⤵
        
        PID:12064
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        222⤵
        
        PID:12168
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        223⤵
        
        PID:12268
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        224⤵
        
        PID:11380
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        225⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        226⤵
        
        PID:11752
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        227⤵
        
        PID:11924
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        228⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        229⤵
        
        PID:12212
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        230⤵
        
        PID:11280
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        231⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        232⤵
        
        PID:12028
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        233⤵
        
        PID:10252
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        234⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        235⤵
        
        PID:11284
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        236⤵
        
        PID:11292
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        237⤵
        
        PID:11604
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        238⤵
        
        PID:12356
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        239⤵
        
        PID:12444
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        240⤵
        
        PID:12536
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        241⤵
        
        PID:12616
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        242⤵
        
        PID:12704
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        243⤵
        
        PID:12864
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        244⤵
        
        PID:12952
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        245⤵
        
        PID:13060
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        246⤵
        
        PID:13160
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        247⤵
        
        PID:13248
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        248⤵
        
        PID:12324
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        249⤵
        
        PID:12508
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        250⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        251⤵
        
        PID:12752
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        252⤵
        
        PID:12988
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        253⤵
        
        PID:13112
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        254⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        255⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        256⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        257⤵
        
        PID:12912
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        258⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        259⤵
        
        PID:12320
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        260⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        261⤵
        
        PID:12984
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        262⤵
        
        PID:11684
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        263⤵
        
        PID:12848
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        264⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        265⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        266⤵
        
        PID:13380
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        267⤵
        
        PID:13472
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        268⤵
        
        PID:13568
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        269⤵
        
        PID:13648
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        270⤵
        
        PID:13760
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        271⤵
        
        PID:13840
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        272⤵
        
        PID:13948
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        273⤵
        
        PID:14024
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        274⤵
        
        PID:14112
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        275⤵
        
        PID:14212
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        276⤵
        
        PID:14332
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        277⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        278⤵
        
        PID:13616
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        279⤵
        
        PID:13800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56KJ964X\a[1].htm

Filesize
1KB

MD5
37e48bab25eb73fad50567c1b4932edd

SHA1
4b26a8ad91d4f94a38886f8b0d60793301f77133

SHA256
9a7542fbcf0a06197ee44c851b28fab213f08f15bb86bfd9653a874ce46c85c2

SHA512
3213d35f9ef884920ec08914b767b125f9c05f08c9c5591d0eccaa45121cf349bd23badd631455e9574cf03f0108a65294d2e5ea4e6f4bbaa7524e733781ca71

Download Submit
C:\Users\Admin\Desktop\°Ù¶ÈËÑË÷.url

Filesize
172B

MD5
22b614a4ee841c2e05923729a6ffdada

SHA1
c34f2381057f52b71e674ce64a82bd676e9d6960

SHA256
a58fd8e4d1c42e5df1784933b00c37227ae12e3a1f20ba01067178f4fbc7b11c

SHA512
86ed892aaea7f3759b9a73b0902e229ccaac754b45356ed1f710cc254d4c78dcc5468bc847a98f4079715e86a5dc709001765261bc897f80fac7a96dc687d444

Download Submit
C:\Users\Admin\Desktop\ÂãÁÄ´óÌü.lnk

Filesize
1KB

MD5
9e2026d1213e92d1a04e2f9cbc640204

SHA1
fd3e440d53b32729b1d6a59157ba85a67e76109e

SHA256
c1753a9ca9038d2f13996d61487cd68f2fd7eae1e3365d19762c53ee714842aa

SHA512
bbc2e759ed011707de5e3ad65914238e9cac82c84cee2cff8dfec2bfeb1cad92f45dcefca44d4c1e06507c7da77342ed4a423bca9a4c145d127c607977f5de33

Download Submit
C:\Users\Admin\Desktop\ÌÔ±¦Íø.url

Filesize
173B

MD5
059f6443035003a725962466c7d7a13c

SHA1
032bb625248c19eaca850c14840b6141415ecbda

SHA256
56b428cb43ddeaafbc2fafbd502f91a182aed00bda2714fcb07bdff24d7a371d

SHA512
ac22f2283abeb33716ff80afdff47a9a7244142953aa41a8cf86dffd2d53017c1c11cb9d607c5e79d0f84ff5e2819fdc774784a005dd1fe1141f49a2104ea824

Download Submit
C:\Windows\SysWOW64\mm.vbs

Filesize
177B

MD5
7e74e4949706a02573b2e05f76dbe206

SHA1
7acc3ef17e382668df7da776235cdb0c8f9226f2

SHA256
f0fcb3bf430c571bc86ef94d374c089e5cbf17e8ba936da7a88edff0443af803

SHA512
25651974c327b98fd3adf91a61f4c5a4f348b1230fa664493604c5d5a3beee25e89f8a5fe21fd348acf0b8cee81bd5f0119518b61ad501292fc6642b5fd62a36

Download Submit
C:\Windows\SysWOW64\mm.vbs

Filesize
177B

MD5
95296ec6415a2b291200e14c85705410

SHA1
ccc3f966079f63a849944999ab1bb149c84163ce

SHA256
95684de4cf45721cec319fda39aaa6bdb07f4daad0bf89a2c3d40a0f1bd2a22a

SHA512
fe642c8be806f1266f7be846a5a16bf4c2caca8022d32e60ba559f96bbd1191bd2a0b89abd28ce3b072d71c0fd990a8e5d648c85509b2ccba5bd142b7d5f27e7

Download Submit
C:\Windows\SysWOW64\mm.vbs

Filesize
177B

MD5
6aa6a57c58e3379e784b826a38478d9c

SHA1
3c4bed25fb1b2807131840450c20213f6087ec4e

SHA256
6eedbda54f512d35e80dbccb301faedecb3b499a4feabb4de75d0b54bb668d96

SHA512
083cb2b90976339ea1effcfefe723b0a023f37b48c232e45869eae0df9c561529bacf6696f71b81596d01984c4c586a21c39da332b1af69ce3588b624a39b74c

Download Submit
C:\Windows\SysWOW64\mm.vbs

Filesize
177B

MD5
aa57e24fb2eb727fad1517fab77009d0

SHA1
de28073a5e37f19ca9a5d60ce2f013502975f039

SHA256
7de63056dcbb720f86443ded9f053c5398549c08352b8bd4e28eb8e19a267628

SHA512
076fb43972c9a693fd0a84ee1c5cd2ca9a5be4446e107722c17cd779bc77562233a6dcc0ced61018daaa84990685456421415e96b99f73d262a7b69e7fa21396

Download Submit
C:\Windows\SysWOW64\mm.vbs

Filesize
175B

MD5
e748c3ed7251b94fccb861eecb27be04

SHA1
81bc5f84894b9f3d46704439071e0e8ce1538058

SHA256
f5199cd52b8c1721d374947a896ed58e5b525b7b0cd42ce42511057031d2dd43

SHA512
fbf66794fbf360b2d04bf0ddca2a32dcb9b8b764833cce5cb6cb52738ee9c0b70670b4bf5c74a3c6cbd0c379c49c5767c2e843343607d6de3f71e639c0961a3b

Download Submit
C:\Windows\SysWOW64\mm.vbs

Filesize
177B

MD5
5a6172d1b347d25a0d83135a866a3f40

SHA1
8a3bb4b83d9d1f671c5364de4d6a76caa4606d83

SHA256
228a4e552a284ea97c5c01945ae9de09078dea68c4876c0d959463f519576a7b

SHA512
90827041bb41c96fd40d0f281cff4c17e24f3d3176e3dde2ffccdb55efb65966eaaf22e1a13b5f00fb2c97f4eac96439d03ea60a8f66be968a49bf95fc3f75e1

Download Submit
C:\Windows\SysWOW64\mm.vbs

Filesize
177B

MD5
f54377fd9dc027937d21661127dc0d3b

SHA1
056585a8f353be360a10e1ff4b307202249325d7

SHA256
941d2c8260bb1f53885f762d187310d5dfbbb5248a2126de277a913ddff18c34

SHA512
1ad795eab006f6f3847b2e4bb53e42e07313c58e81a6e4099bb9d1e7d8e74ae9e7a587509d928c88a9c9b23cea6acbfc0bebb1e780f1c3ce96c5a8d1cfe90cfa

Download Submit
C:\Windows\SysWOW64\mm.vbs

Filesize
177B

MD5
568b00cc7836047be8f25ba092c821db

SHA1
930d37c36603a4ea0a437987d68958495e743fe7

SHA256
9a267474a0c27d2d26d4e1867b4f71e6a8b1e41c830d0eb47aa1cd40f9e58380

SHA512
d0c57dc44965e9f0396042992b1131965039129a5db113735d4973f4a05f2fb31cabd03658a865f9e8f09301cd8b00ae0b144683c0eb2b720f06a66371f6674e

Download Submit
C:\Windows\SysWOW64\mm.vbs

Filesize
175B

MD5
fc9e3f3b6f96f1eb0d785525eddfa622

SHA1
fec7bb7685bb0e9e310e10db7080c9ad8ac34105

SHA256
edccafcade87e5cf704471956e4ddf79e711953287601b9dfc31fae6d8735dc2

SHA512
81b3dc0b2e75efb0d207d1205881419773c4c7a9c574e18d4d3b3c9b8990ee5c6ab177d21861ac87cb3816680d0b83db46450c8496dbfa29531533fe641a21ad

Download Submit
C:\Windows\SysWOW64\mm.vbs

Filesize
177B

MD5
cc8dc47d91c79723eb9e76be402f91d8

SHA1
23f06bdd707d49678e5a71760f579b516af3ec98

SHA256
f6a7669ee8c040b7ed7954e082def58e2ba210a7aeffd8ffc0d940c596cd130d

SHA512
24703d0a31f0413a2b34416175815369877091c61172505cb500831d669a0d256fe224dd69c22f93993d10c6ebdc205133f63d8fbbd854342c92986930544eee

Download Submit
C:\Windows\SysWOW64\mm.vbs

Filesize
177B

MD5
39a81759fb3daa174a7f8735b036ddcd

SHA1
b4693207ccb40ddf1310731ece5e45c63687a3ed

SHA256
28c97ed90a8d656c80aa42e83cf22c552fa86531fa5ce3755632e7dcd469c97e

SHA512
4650a8fbc4471ac6de5ed57b45749e6660a76de8cc3377b51304d40e268b1df51fb90a766a58aabcab1a5763af8c92861118c5340c55bf8b6ae48a560bd90cbc

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
6KB

MD5
543390f28502df39699660f9cd239e76

SHA1
1d1e2df005d9e5870e444eaa1967b450e168421e

SHA256
10fe27194edb7bd789335f7c92fcff37aa5e225717c2e938d1775b7eacc19c13

SHA512
4b6a021a815820f85b3e3f207abb7a952c3fa50b3afeb1b41680e4fd0e1c4c2207eba678cd46ad5abad0f05d7da1c89cc7fa013c66d510d9a7ee3ef16ccb4362

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
7KB

MD5
098da55c528953d8c4f6c3e6f6463f98

SHA1
2074ca39cd5f5f02c6ed393dd700426b8ddfe7dd

SHA256
ed19aa78ec233d01ca7f9ed82593663be864c48bc73cc3e9ae07ea1d4e64fca8

SHA512
5212e63cda02fd476f6302386824dfb5ade0911a2c66038f29a7c2e01565d6ff62efedbc732679164ea614294aafe7823a04f92e4abde8a5c0c07691e4645d1b

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
7KB

MD5
4f19d0b1d41a10690c5a93c44b2b9765

SHA1
45edf1ad24d050d16db5fe62c2777842c83443e2

SHA256
d850ba5429674f647537c35c6be33683215c2be0cfd1a250ed6bc0b00c8d0194

SHA512
4fa20bb4484e43894115b618da55de9b5d924634b688a7f1c44ac968a1f8c60c8133ecce6c6ce2c28ee2af1ed8fed95991c953b92717850d5ddb870f94a76a2d

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
2KB

MD5
7e4b81684a1e6321b48838c3c9fc1930

SHA1
f3e3c38545179fea1e2b45053ac3a4fef865ef92

SHA256
a0b07d77a19874969a3012c099ff2e4a5aa5b475fb7cadba23f5f813fb0cb6bd

SHA512
073cd54088bf80cbe79210a92341bb8f1d10972f137ddf5f5ca2d80305d2b98c7f6f48d3fbe5db530fb3876754ef59d3ed19c236cbc3be2edc146fe4f4542d11

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
3KB

MD5
ca413824da752ff2f562735be963b204

SHA1
31893ecc053823deadb880ea3f06d1afac87e80f

SHA256
78cc1d68d601d55c1380f8f16c55d42e0bb8df632836bb3dd4de858b0fcec0cc

SHA512
2995611be8f9b712cf2ca606a9a9251b7d2cbe64d495df537faf99c4b7639fa9783a2676f43ddc90ba944f829793e0872193bf4a3b5c19005a4cfe4d752b8169

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
3KB

MD5
fc6621d02cc8f9374fbf5135e141cba6

SHA1
f3938788c30f4e799be21ca40106570d5dedd1ec

SHA256
6e2d99feb664cace0aa78725769f7bf89160d7d1d3eaeaf96c0e7853b1110e83

SHA512
47e64d49f2f5a1fd6ae8e378cc9b63841b3a17edcb396d7c83778bba9469201d399803a1b3eff143b7dc18c51d1d888dd3711ef301587ed741d49372fa469ca3

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
4KB

MD5
08c83eb5c4c3db70a6037c855a649d7e

SHA1
f05be85cb5d9ad8e7677314b9acc12faf51ab939

SHA256
fb58e94ad1a7d4438f1c9b0d809ae49e2dca9f6fc292a55590bafdfa6bb658aa

SHA512
0368008ce23be6ef7c3975cd4a626cf486e303723b3372bd7a04a8930f72e8d0d0c1b8bd34d38cd3c680bcaa368b5eca614f0524251dc3bd174e97f13ab6f36e

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
2KB

MD5
843a01ce260f36bec8ccafbb84cebad6

SHA1
14b07e0b908de929c57200484d858d17619f02fe

SHA256
ea03f27b68d0f7284b7608f31ce74af3dde8bdf66f8a302f302aa355451d19f1

SHA512
aa99eb28851513d3402085afedfd0fdbcbdbffe42738ea9ba3e3f772b996850c294e2e537789dd2f43c660a83b4e9c4ca740fa58a9273d40ea28fa652280c85f

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
4KB

MD5
a432d00bcf667b1998de66b6538282f7

SHA1
07f1fdab712ef596861beaccf968ae87ae29618d

SHA256
85c15a769f89c0dfb15b1d8bea37c5f310694ea5d0655f28493ec3ff0b8642f8

SHA512
c4886b3ee067b4da47c4b41753b9360581a2dc939b8bb7c358da5b3ee20f577b7987f6fe7c66ef3cf355fa8010806839d1a24f76fa559c055b27bc6174fb4117

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
6KB

MD5
f7062b1687c5f233fe7ac804bc519f85

SHA1
cc1ee943b470798a0b28bd7e161b2f3a48ed3bd7

SHA256
62e8c71ee1901153e7f2498918a03b348cbfccc9dd9daabdc9a8ff5349a449d8

SHA512
9b2075a57fb6202dc7bf3c52ac03b285d31aad09f9e3b2950ce2d8a92fd74baac8b08e1e7892ef64d611718e9d4f9118f30f0c6f6a3d7fa096d8553de1618f3e

Download Submit
memory/892-317-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/968-236-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1008-237-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1032-316-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1096-318-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1236-268-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1512-238-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1584-303-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1692-244-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1732-245-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1856-281-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1976-293-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1988-207-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1992-195-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/2016-213-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/2084-294-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/2088-218-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/2264-330-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/2348-206-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/2560-269-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/2572-282-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/2700-933-0x0000000000370000-0x0000000000371000-memory.dmp

Filesize
4KB

Download
memory/2700-173-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/2884-246-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/2964-257-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/2996-225-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/3008-194-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/3128-339-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/3216-340-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/3296-353-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/3384-366-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/3464-367-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/3564-375-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download