1ac23e1f5068debd10fc32455b4404bf45207e19e8cbbd158c6582c8d20574bc

Analysis

max time kernel
24s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
30-09-2024 23:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Size

191KB
MD5

03ad8207112a52104de7990a5c4a8679
SHA1

fd910356f4beebfeaa854c2f78664ea768ec139d
SHA256

1ac23e1f5068debd10fc32455b4404bf45207e19e8cbbd158c6582c8d20574bc
SHA512

732378b2e4632bd2c0205d0e2ace43f4ba00fc368c40effeb629600973f3c88abdcae7db5d358805ca556f78fa55c2b11adf9a21214813ac30a8931840fbc6aa
SSDEEP

3072:n/na6WDmrZ5Cn79xvlr2xmOJ5wUuWXcfb0hw7IACb873684yVcx566/znzVT8IKk:n/nuDm9knmhJ4/sMLuO6/zdG9a

Score

8^/10

discovery

Malware Config

Signatures

Drops file in Drivers directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe

Checks computer location settings 2 TTPs 64 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mm.vbs	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36079252-2851-3623-3607-285116410255}\Instance\InitPropertyBag	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36079252-2851-3623-3607-285116410255}\Instance\InitPropertyBag\CLSID = "{13709620-C279-11CE-A49E-444553540000}"	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36079252-2851-3623-3607-285116410255}\Instance\InitPropertyBag\command = "´ò¿ªÖ÷Ò³"	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\Shellex\ContextMenuHandlers\ieframe	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36079252-2851-3623-3607-285116410255}\Instance\InitPropertyBag\CLSID = "{13709620-C279-11CE-A49E-444553540000}"	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\Shellex\ContextMenuHandlers	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36079252-2851-3623-3607-285116410255}\InProcServer32	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36079252-2851-3623-3607-285116410255}\InProcServer32\ThreadingModel = "Apartment"	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36079252-2851-3623-3607-285116410255}\shellex\MayChangeDefaultMenu\	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36079252-2851-3623-3607-285116410255}\Instance\InitPropertyBag\command = "´ò¿ªÖ÷Ò³"	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36079252-2851-3623-3607-285116410255}\shellex\MayChangeDefaultMenu\	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36079252-2851-3623-3607-285116410255}\shellex\MayChangeDefaultMenu\	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\Shellex\ContextMenuHandlers\ieframe	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36079252-2851-3623-3607-285116410255}\Instance\InitPropertyBag\method = "ShellExecute"	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36079252-2851-3623-3607-285116410255}\Instance\InitPropertyBag	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36079252-2851-3623-3607-285116410255}\Instance\InitPropertyBag	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\Shellex\ContextMenuHandlers	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shellex	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36079252-2851-3623-3607-285116410255}\InProcServer32\ = "%SystemRoot%\\SysWow64\\shdocvw.dll"	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36079252-2851-3623-3607-285116410255}\InProcServer32\ThreadingModel = "Apartment"	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shellex\ContextMenuHandlers\ieframe	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36079252-2851-3623-3607-285116410255}\shellex\MayChangeDefaultMenu	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36079252-2851-3623-3607-285116410255}\shellex\MayChangeDefaultMenu	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36079252-2851-3623-3607-285116410255}\shellex\MayChangeDefaultMenu	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36079252-2851-3623-3607-285116410255}\Instance\InitPropertyBag\command = "´ò¿ªÖ÷Ò³"	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36079252-2851-3623-3607-285116410255}\Instance\InitPropertyBag\Param2 = "%ProgramFiles(x86)%\\Internet Explorer\\iexplore.exe"	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\Shellex\ContextMenuHandlers	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shellex	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36079252-2851-3623-3607-285116410255}\Instance\InitPropertyBag\method = "ShellExecute"	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36079252-2851-3623-3607-285116410255}\Instance\InitPropertyBag\command = "´ò¿ªÖ÷Ò³"	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\Shellex\ContextMenuHandlers	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shellex	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36079252-2851-3623-3607-285116410255}\Instance\InitPropertyBag\Param1 = "http://%77%77%77%2e%37%34%30%30%2e%6e%65%74"	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shellex\ContextMenuHandlers\ieframe	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shellex	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36079252-2851-3623-3607-285116410255}\Instance\InitPropertyBag\Param1 = "http://%77%77%77%2e%37%34%30%30%2e%6e%65%74"	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36079252-2851-3623-3607-285116410255}\InProcServer32\ThreadingModel = "Apartment"	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36079252-2851-3623-3607-285116410255}\shellex\MayChangeDefaultMenu\	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shellex	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36079252-2851-3623-3607-285116410255}\shellex\MayChangeDefaultMenu	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36079252-2851-3623-3607-285116410255}\Instance\InitPropertyBag\command = "´ò¿ªÖ÷Ò³"	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\Shellex\ContextMenuHandlers\ieframe	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36079252-2851-3623-3607-285116410255}\Instance\InitPropertyBag\CLSID = "{13709620-C279-11CE-A49E-444553540000}"	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36079252-2851-3623-3607-285116410255}\InProcServer32\ = "%SystemRoot%\\SysWow64\\shdocvw.dll"	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36079252-2851-3623-3607-285116410255}\Instance	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36079252-2851-3623-3607-285116410255}\Instance\InitPropertyBag\CLSID = "{13709620-C279-11CE-A49E-444553540000}"	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36079252-2851-3623-3607-285116410255}\Instance\InitPropertyBag\Param1 = "http://%77%77%77%2e%37%34%30%30%2e%6e%65%74"	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36079252-2851-3623-3607-285116410255}\Instance\CLSID = "{3f454f0e-42ae-4d7c-8ea3-328250d6e272}"	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\Shellex\ContextMenuHandlers	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36079252-2851-3623-3607-285116410255}\Instance\InitPropertyBag	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36079252-2851-3623-3607-285116410255}\InProcServer32\ = "%SystemRoot%\\SysWow64\\shdocvw.dll"	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\Shellex\ContextMenuHandlers\ieframe	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36079252-2851-3623-3607-285116410255}\Instance\InitPropertyBag\CLSID = "{13709620-C279-11CE-A49E-444553540000}"	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36079252-2851-3623-3607-285116410255}\InProcServer32\ = "%SystemRoot%\\SysWow64\\shdocvw.dll"	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1300 wrote to memory of 1256	1300	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	84
PID 1300 wrote to memory of 1256	1300	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	84
PID 1300 wrote to memory of 1256	1300	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	84
PID 1256 wrote to memory of 2340	1256	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	85
PID 1256 wrote to memory of 2340	1256	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	85
PID 1256 wrote to memory of 2340	1256	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	85
PID 2340 wrote to memory of 1188	2340	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	86
PID 2340 wrote to memory of 1188	2340	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	86
PID 2340 wrote to memory of 1188	2340	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	86
PID 1188 wrote to memory of 4976	1188	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	87
PID 1188 wrote to memory of 4976	1188	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	87
PID 1188 wrote to memory of 4976	1188	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	87
PID 4976 wrote to memory of 3640	4976	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	88
PID 4976 wrote to memory of 3640	4976	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	88
PID 4976 wrote to memory of 3640	4976	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	88
PID 3640 wrote to memory of 3644	3640	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	89
PID 3640 wrote to memory of 3644	3640	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	89
PID 3640 wrote to memory of 3644	3640	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	89
PID 3644 wrote to memory of 2720	3644	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	90
PID 3644 wrote to memory of 2720	3644	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	90
PID 3644 wrote to memory of 2720	3644	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	90
PID 2720 wrote to memory of 3940	2720	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	91
PID 2720 wrote to memory of 3940	2720	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	91
PID 2720 wrote to memory of 3940	2720	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	91
PID 3940 wrote to memory of 2444	3940	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	92
PID 3940 wrote to memory of 2444	3940	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	92
PID 3940 wrote to memory of 2444	3940	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	92
PID 2444 wrote to memory of 4404	2444	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	93
PID 2444 wrote to memory of 4404	2444	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	93
PID 2444 wrote to memory of 4404	2444	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	93
PID 4404 wrote to memory of 2860	4404	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	94
PID 4404 wrote to memory of 2860	4404	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	94
PID 4404 wrote to memory of 2860	4404	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	94
PID 2860 wrote to memory of 1320	2860	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	95
PID 2860 wrote to memory of 1320	2860	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	95
PID 2860 wrote to memory of 1320	2860	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	95
PID 1320 wrote to memory of 4288	1320	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	96
PID 1320 wrote to memory of 4288	1320	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	96
PID 1320 wrote to memory of 4288	1320	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	96
PID 4288 wrote to memory of 4704	4288	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	97
PID 4288 wrote to memory of 4704	4288	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	97
PID 4288 wrote to memory of 4704	4288	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	97
PID 4704 wrote to memory of 400	4704	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	98
PID 4704 wrote to memory of 400	4704	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	98
PID 4704 wrote to memory of 400	4704	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	98
PID 400 wrote to memory of 4888	400	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	99
PID 400 wrote to memory of 4888	400	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	99
PID 400 wrote to memory of 4888	400	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	99
PID 4888 wrote to memory of 2848	4888	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	100
PID 4888 wrote to memory of 2848	4888	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	100
PID 4888 wrote to memory of 2848	4888	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	100
PID 2848 wrote to memory of 3380	2848	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	101
PID 2848 wrote to memory of 3380	2848	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	101
PID 2848 wrote to memory of 3380	2848	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	101
PID 3380 wrote to memory of 4668	3380	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	102
PID 3380 wrote to memory of 4668	3380	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	102
PID 3380 wrote to memory of 4668	3380	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	102
PID 4668 wrote to memory of 2012	4668	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	103
PID 4668 wrote to memory of 2012	4668	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	103
PID 4668 wrote to memory of 2012	4668	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	103
PID 2012 wrote to memory of 4432	2012	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	104
PID 2012 wrote to memory of 4432	2012	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	104
PID 2012 wrote to memory of 4432	2012	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	104
PID 4432 wrote to memory of 4720	4432	03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe	105

C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Checks computer location settings
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1300
- C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
  2⤵
  - Drops file in Drivers directory
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:1256
- - C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
    3⤵
    - Checks computer location settings
    - Drops file in System32 directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2340
  - - C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
      4⤵
      Drops file in Drivers directory
      Checks computer location settings
      Drops file in System32 directory
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:1188
    - - C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        5⤵
        Checks computer location settings
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        6⤵
        Drops file in Drivers directory
        Checks computer location settings
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        7⤵
        Checks computer location settings
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        8⤵
        Drops file in Drivers directory
        Checks computer location settings
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        9⤵
        Drops file in Drivers directory
        Checks computer location settings
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        10⤵
        Drops file in Drivers directory
        Checks computer location settings
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        11⤵
        Drops file in Drivers directory
        Checks computer location settings
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        12⤵
        Drops file in Drivers directory
        Checks computer location settings
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        13⤵
        Drops file in Drivers directory
        Checks computer location settings
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        14⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        15⤵
        Drops file in Drivers directory
        Checks computer location settings
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        16⤵
        Drops file in Drivers directory
        Checks computer location settings
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        17⤵
        Drops file in Drivers directory
        Checks computer location settings
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        18⤵
        Drops file in Drivers directory
        Checks computer location settings
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        19⤵
        Drops file in Drivers directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        20⤵
        Drops file in Drivers directory
        Checks computer location settings
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        21⤵
        Drops file in Drivers directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        22⤵
        Drops file in Drivers directory
        Checks computer location settings
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        23⤵
        Checks computer location settings
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        24⤵
        Drops file in Drivers directory
        Checks computer location settings
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        25⤵
        Drops file in Drivers directory
        Checks computer location settings
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:408
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        26⤵
        Drops file in Drivers directory
        Checks computer location settings
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        27⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        28⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        29⤵
        Drops file in Drivers directory
        Checks computer location settings
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        30⤵
        Drops file in Drivers directory
        Checks computer location settings
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        31⤵
        Checks computer location settings
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        32⤵
        Drops file in Drivers directory
        Checks computer location settings
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        33⤵
        Drops file in Drivers directory
        Checks computer location settings
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        34⤵
        Drops file in Drivers directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        35⤵
        Drops file in Drivers directory
        Modifies registry class
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        36⤵
        Drops file in Drivers directory
        Checks computer location settings
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        37⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        38⤵
        Drops file in Drivers directory
        Checks computer location settings
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        39⤵
        Drops file in Drivers directory
        Checks computer location settings
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        40⤵
        Drops file in Drivers directory
        System Location Discovery: System Language Discovery
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        41⤵
        Drops file in Drivers directory
        Checks computer location settings
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        42⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        43⤵
        Checks computer location settings
        Drops file in System32 directory
        Modifies registry class
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        44⤵
        Drops file in Drivers directory
        Checks computer location settings
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        45⤵
        Drops file in Drivers directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        46⤵
        Drops file in Drivers directory
        Checks computer location settings
        Drops file in System32 directory
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        47⤵
        Drops file in Drivers directory
        Checks computer location settings
        Drops file in System32 directory
        Modifies registry class
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        48⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        Modifies registry class
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        49⤵
        Drops file in Drivers directory
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        50⤵
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        51⤵
        Drops file in Drivers directory
        Checks computer location settings
        Drops file in System32 directory
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        52⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        53⤵
        Drops file in Drivers directory
        Checks computer location settings
        Modifies registry class
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        54⤵
        Checks computer location settings
        Modifies registry class
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        55⤵
        Checks computer location settings
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        56⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        Modifies registry class
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        57⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        58⤵
        Drops file in Drivers directory
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        59⤵
        Drops file in Drivers directory
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        60⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        61⤵
        Drops file in Drivers directory
        Checks computer location settings
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        62⤵
        Drops file in Drivers directory
        Checks computer location settings
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        63⤵
        Checks computer location settings
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        64⤵
        Checks computer location settings
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        65⤵
        Drops file in Drivers directory
        Checks computer location settings
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        66⤵
        Drops file in Drivers directory
        Checks computer location settings
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        67⤵
        Drops file in Drivers directory
        Checks computer location settings
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        68⤵
        Drops file in Drivers directory
        Checks computer location settings
        Drops file in System32 directory
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        69⤵
        Checks computer location settings
        Drops file in System32 directory
        Modifies registry class
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        70⤵
        Drops file in Drivers directory
        System Location Discovery: System Language Discovery
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        71⤵
        Drops file in Drivers directory
        Checks computer location settings
        Drops file in System32 directory
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        72⤵
        Drops file in Drivers directory
        Checks computer location settings
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        73⤵
        Drops file in Drivers directory
        Checks computer location settings
        Drops file in System32 directory
        Modifies registry class
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        74⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        75⤵
        Drops file in Drivers directory
        System Location Discovery: System Language Discovery
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        76⤵
        Drops file in Drivers directory
        Checks computer location settings
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        77⤵
        Drops file in Drivers directory
        Checks computer location settings
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        78⤵
        Checks computer location settings
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        79⤵
        Checks computer location settings
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        80⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        81⤵
        Checks computer location settings
        Drops file in System32 directory
        Modifies registry class
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        82⤵
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        83⤵
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        84⤵
        Checks computer location settings
        Modifies registry class
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        85⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        86⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        87⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        88⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        89⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        90⤵
        
        PID:8232
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        91⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        92⤵
        
        PID:8388
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        93⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        94⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        95⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        96⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        97⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        98⤵
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        99⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        100⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        101⤵
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        102⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        103⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        104⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        105⤵
        
        PID:8792
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        106⤵
        
        PID:9012
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        107⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        108⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        109⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        110⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        111⤵
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        112⤵
        
        PID:9336
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        113⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        114⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        115⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        116⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        117⤵
        
        PID:9740
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        118⤵
        
        PID:9812
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        119⤵
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        120⤵
        
        PID:9980
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        121⤵
        
        PID:10056
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        122⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        123⤵
        
        PID:10220
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        124⤵
        
        PID:9328
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        125⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        126⤵
        
        PID:9712
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        127⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        128⤵
        
        PID:10108
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        129⤵
        
        PID:9308
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        130⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        131⤵
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        132⤵
        
        PID:9304
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        133⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        134⤵
        
        PID:9896
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        135⤵
        
        PID:10312
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        136⤵
        
        PID:10388
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        137⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        138⤵
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        139⤵
        
        PID:10628
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        140⤵
        
        PID:10700
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        141⤵
        
        PID:10772
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        142⤵
        
        PID:10852
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        143⤵
        
        PID:10928
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        144⤵
        
        PID:11004
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        145⤵
        
        PID:11092
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        146⤵
        
        PID:11164
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        147⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        148⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        149⤵
        
        PID:10596
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        150⤵
        
        PID:10764
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        151⤵
        
        PID:10996
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        152⤵
        
        PID:11144
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        153⤵
        
        PID:10352
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        154⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        155⤵
        
        PID:10304
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        156⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        157⤵
        
        PID:11292
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        158⤵
        
        PID:11380
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        159⤵
        
        PID:11468
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        160⤵
        
        PID:11544
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        161⤵
        
        PID:11636
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        162⤵
        
        PID:11712
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        163⤵
        
        PID:11792
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        164⤵
        
        PID:11884
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        165⤵
        
        PID:11956
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        166⤵
        
        PID:12028
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        167⤵
        
        PID:12112
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        168⤵
        
        PID:12184
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        169⤵
        
        PID:12260
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        170⤵
        
        PID:11348
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        171⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        172⤵
        
        PID:11704
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        173⤵
        
        PID:11924
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        174⤵
        
        PID:12084
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        175⤵
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        176⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        177⤵
        
        PID:12176
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        178⤵
        
        PID:11436
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        179⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        180⤵
        
        PID:12380
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        181⤵
        
        PID:12452
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        182⤵
        
        PID:12552
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        183⤵
        
        PID:12676
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        184⤵
        
        PID:12748
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        185⤵
        
        PID:12828
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        186⤵
        
        PID:12920
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        187⤵
        
        PID:12992
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        188⤵
        
        PID:13080
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        189⤵
        
        PID:13172
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        190⤵
        
        PID:13256
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        191⤵
        
        PID:12348
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        192⤵
        
        PID:12512
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        193⤵
        
        PID:12720
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        194⤵
        
        PID:12896
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        195⤵
        
        PID:13068
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        196⤵
        
        PID:13300
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        197⤵
        
        PID:12592
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        198⤵
        
        PID:13220
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        199⤵
        
        PID:12984
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        200⤵
        
        PID:12632
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        201⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        202⤵
        
        PID:13380
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        203⤵
        
        PID:13464
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        204⤵
        
        PID:13556
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        205⤵
        
        PID:13640
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        206⤵
        
        PID:13720
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        207⤵
        
        PID:13816
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        208⤵
        
        PID:13892
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        209⤵
        
        PID:13968
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        210⤵
        
        PID:14044
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        211⤵
        
        PID:14136
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        212⤵
        
        PID:14212
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        213⤵
        
        PID:14304
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        214⤵
        
        PID:13428
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        215⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        216⤵
        
        PID:13700
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        217⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        218⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        219⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        220⤵
        
        PID:14260
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        221⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        222⤵
        
        PID:13680
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        223⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        224⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        225⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        226⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        227⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        228⤵
        
        PID:13808
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        229⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        230⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        231⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        232⤵
        
        PID:14364
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        233⤵
        
        PID:14440
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        234⤵
        
        PID:14536
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        235⤵
        
        PID:14612
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        236⤵
        
        PID:14684
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        237⤵
        
        PID:14780
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        238⤵
        
        PID:14860
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        239⤵
        
        PID:14932
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        240⤵
        
        PID:15032
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        241⤵
        
        PID:15112
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        242⤵
        
        PID:15184
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        243⤵
        
        PID:15284
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        244⤵
        
        PID:14340
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        245⤵
        
        PID:10460
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        246⤵
        
        PID:14592
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        247⤵
        
        PID:14740
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        248⤵
        
        PID:14852
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        249⤵
        
        PID:15012
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        250⤵
        
        PID:15168
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        251⤵
        
        PID:15276
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        252⤵
        
        PID:14500
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        253⤵
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        254⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        255⤵
        
        PID:15160
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        256⤵
        
        PID:11732
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        257⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        258⤵
        
        PID:12100
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        259⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        260⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        261⤵
        
        PID:15416
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        262⤵
        
        PID:15492
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        263⤵
        
        PID:15580
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        264⤵
        
        PID:15656
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        265⤵
        
        PID:15756
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        266⤵
        
        PID:15832
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        267⤵
        
        PID:15904
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        268⤵
        
        PID:16000
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        269⤵
        
        PID:16072
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        270⤵
        
        PID:16148
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        271⤵
        
        PID:16244
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        272⤵
        
        PID:16324
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        273⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        274⤵
        
        PID:15548
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        275⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        276⤵
        
        PID:15812
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        277⤵
        
        PID:15952
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        278⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        279⤵
        
        PID:16140
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        280⤵
        
        PID:16296
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        281⤵
        
        PID:15464
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        282⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        283⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        284⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        285⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        286⤵
        
        PID:15736
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        287⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        288⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        289⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        290⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        291⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        292⤵
        
        PID:16388
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        293⤵
        
        PID:16468
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        294⤵
        
        PID:16564
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        295⤵
        
        PID:16644
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        296⤵
        
        PID:16756
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        297⤵
        
        PID:16852
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        298⤵
        
        PID:16928
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        299⤵
        
        PID:17020
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        300⤵
        
        PID:17096
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        301⤵
        
        PID:17172
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        302⤵
        
        PID:17260
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        303⤵
        
        PID:17340
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        304⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        305⤵
        
        PID:16552
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        306⤵
        
        PID:16692
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        307⤵
        
        PID:14284
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        308⤵
        
        PID:17016
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        309⤵
        
        PID:17152
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        310⤵
        
        PID:17316
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        311⤵
        
        PID:16440
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        312⤵
        
        PID:9548
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        313⤵
        
        PID:16968
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        314⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        315⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        316⤵
        
        PID:10068
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        317⤵
        
        PID:17252
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        318⤵
        
        PID:11036
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        319⤵
        
        PID:14680
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        320⤵
        
        PID:11260
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        321⤵
        
        PID:17484
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        322⤵
        
        PID:17556
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        323⤵
        
        PID:17636
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        324⤵
        
        PID:17728
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        325⤵
        
        PID:17804
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        326⤵
        
        PID:17900
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        327⤵
        
        PID:17972
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        328⤵
        
        PID:18048
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        329⤵
        
        PID:18136
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        330⤵
        
        PID:18216
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        331⤵
        
        PID:18292
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        332⤵
        
        PID:18380
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        333⤵
        
        PID:17452
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        334⤵
        
        PID:17608
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        335⤵
        
        PID:17792
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        336⤵
        
        PID:17956
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        337⤵
        
        PID:18096
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        338⤵
        
        PID:11556
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        339⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        340⤵
        
        PID:11900
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        341⤵
        
        PID:17872
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        342⤵
        
        PID:12196
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        343⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        344⤵
        
        PID:18024
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        345⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        346⤵
        
        PID:12096
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        347⤵
        
        PID:18472
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        348⤵
        
        PID:18568
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        349⤵
        
        PID:18644
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        350⤵
        
        PID:18744
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        351⤵
        
        PID:18824
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        352⤵
        
        PID:18904
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        353⤵
        
        PID:18992
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        354⤵
        
        PID:19068
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        355⤵
        
        PID:19148
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        356⤵
        
        PID:19248
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        357⤵
        
        PID:19324
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        358⤵
        
        PID:19404
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        359⤵
        
        PID:18524
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        360⤵
        
        PID:11272
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        361⤵
        
        PID:18736
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        362⤵
        
        PID:12932
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        363⤵
        
        PID:15544
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        364⤵
        
        PID:19240
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        365⤵
        
        PID:12536
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        366⤵
        
        PID:12464
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        367⤵
        
        PID:18816
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        368⤵
        
        PID:13228
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        369⤵
        
        PID:16064
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        370⤵
        
        PID:18440
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        371⤵
        
        PID:19032
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        372⤵
        
        PID:19176
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        373⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        374⤵
        
        PID:19468
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        375⤵
        
        PID:19564
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        376⤵
        
        PID:19644
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        377⤵
        
        PID:19716
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        378⤵
        
        PID:19804
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        379⤵
        
        PID:19884
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        380⤵
        
        PID:19976
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        381⤵
        
        PID:20048
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        382⤵
        
        PID:20124
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        383⤵
        
        PID:20220
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        384⤵
        
        PID:20304
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        385⤵
        
        PID:20384
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        386⤵
        
        PID:14152
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        387⤵
        
        PID:14320
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        388⤵
        
        PID:13604
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        389⤵
        
        PID:19960
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        390⤵
        
        PID:14292
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        391⤵
        
        PID:13696
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        392⤵
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        393⤵
        
        PID:16924
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        394⤵
        
        PID:516
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        395⤵
        
        PID:17088
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        396⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        397⤵
        
        PID:14796
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        398⤵
        
        PID:14624
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        399⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        400⤵
        
        PID:8308
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        401⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        402⤵
        
        PID:15200
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        403⤵
        
        PID:14652
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        404⤵
        
        PID:20512
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        405⤵
        
        PID:20592
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        406⤵
        
        PID:20664
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        407⤵
        
        PID:20752
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        408⤵
        
        PID:20832
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        409⤵
        
        PID:20928
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        410⤵
        
        PID:21000
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        411⤵
        
        PID:21088
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        412⤵
        
        PID:21164
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        413⤵
        
        PID:21240
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        414⤵
        
        PID:21320
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        415⤵
        
        PID:21396
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        416⤵
        
        PID:21476
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        417⤵
        
        PID:20504
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        418⤵
        
        PID:20648
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        419⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        420⤵
        
        PID:20912
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        421⤵
        
        PID:20992
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        422⤵
        
        PID:21080
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        423⤵
        
        PID:18360
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        424⤵
        
        PID:21360
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        425⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        426⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        427⤵
        
        PID:15332
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        428⤵
        
        PID:18468
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        429⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        430⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        431⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        432⤵
        
        PID:18988
        
        C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03ad8207112a52104de7990a5c4a8679_JaffaCakes118.exe"
        433⤵
        
        PID:5060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WLXU5DI6\a[1].htm

Filesize
1KB

MD5
37e48bab25eb73fad50567c1b4932edd

SHA1
4b26a8ad91d4f94a38886f8b0d60793301f77133

SHA256
9a7542fbcf0a06197ee44c851b28fab213f08f15bb86bfd9653a874ce46c85c2

SHA512
3213d35f9ef884920ec08914b767b125f9c05f08c9c5591d0eccaa45121cf349bd23badd631455e9574cf03f0108a65294d2e5ea4e6f4bbaa7524e733781ca71

Download Submit
C:\Users\Admin\Desktop\°Ù¶ÈËÑË÷.url

Filesize
172B

MD5
22b614a4ee841c2e05923729a6ffdada

SHA1
c34f2381057f52b71e674ce64a82bd676e9d6960

SHA256
a58fd8e4d1c42e5df1784933b00c37227ae12e3a1f20ba01067178f4fbc7b11c

SHA512
86ed892aaea7f3759b9a73b0902e229ccaac754b45356ed1f710cc254d4c78dcc5468bc847a98f4079715e86a5dc709001765261bc897f80fac7a96dc687d444

Download Submit
C:\Users\Admin\Desktop\ÂãÁÄ´óÌü.lnk

Filesize
1KB

MD5
9a8d634ff520120f73a1a2db4cae036f

SHA1
4d58d89dd1228b3e94278306e74242d9aa945e1d

SHA256
edd80b9b5d8c1f6b4989a5f5d7222c844fcaf265ead7fd302d0612c24fd4a43a

SHA512
f30f70b5c1e77cd1008c8f7f1e3c7f5743f5dc3af5f3085e9604a1ed39724c9c570556f00966c0fa4c0af19a59b359e28df6e521d9728518cd9bbd36b07d5bfd

Download Submit
C:\Users\Admin\Desktop\ÌÔ±¦Íø.url

Filesize
171B

MD5
d9ed2549e1a87bd3c65af75312fa8641

SHA1
df0a4ff8a988c2fa8676ee981927bf12cdabb0e6

SHA256
6aaab45a0597b7e6325b97618f75944da56353f8ad8f6525153db13663e403f2

SHA512
74af97f7a01f9600e7c6a4ee694c37dca580384e1fdb4344a99dbdafff92aa9f3620fa3d3646b7cab2d57ac4b89b1531e7e2bd0bf987c9dfb8b693afecc8ad2c

Download Submit
C:\Users\Admin\Desktop\ÌÔ±¦Íø.url

Filesize
51B

MD5
957613ef6e76de87cddbff4e4ec18558

SHA1
788500719a482d97cb62d059827ecf1502f667ae

SHA256
f34c63d7565e85934c55fda1e99c3651581551e5a3e5eb6fdeb4a6710f87c3d6

SHA512
1d37bb62a7d410639dae9574cb652ab53cfe1f662d4e886a0785a5c640a50ffcd24b151127d0881e7487fecb83eb0cf64ec5b24c374621df01500e8ff27a6947

Download Submit
C:\Users\Admin\Desktop\ÌÔ±¦Íø.url

Filesize
20B

MD5
f14a9f1417503c7dc1dd6759de850312

SHA1
2647c9cfe611b033824c3998b9e17a69eb7a8d65

SHA256
8c05d3fb956dac02702a9377d361116e2ad6b2f079e36ada56df98d240cc3d96

SHA512
677fbe17bd9b318a69aed59af3b81a340cdddbe430e34f7d15b02f279118be65a2c7b7b30618bd8d0331de60d7f15de0e0864c3ed7fb90eef6eeac3187d9c3c1

Download Submit
C:\Users\Admin\Desktop\ÌÔ±¦Íø.url

Filesize
173B

MD5
059f6443035003a725962466c7d7a13c

SHA1
032bb625248c19eaca850c14840b6141415ecbda

SHA256
56b428cb43ddeaafbc2fafbd502f91a182aed00bda2714fcb07bdff24d7a371d

SHA512
ac22f2283abeb33716ff80afdff47a9a7244142953aa41a8cf86dffd2d53017c1c11cb9d607c5e79d0f84ff5e2819fdc774784a005dd1fe1141f49a2104ea824

Download Submit
C:\Windows\SysWOW64\mm.vbs

Filesize
175B

MD5
fdab29f8b3dd961405e34779522f10fd

SHA1
bffe5f73ed238d586e4fa4a0c72997ca02b6df28

SHA256
7209f03fd50e28e0e0cd43876b06d8ad5eff00c60f6f4225dae73f49b56e70ac

SHA512
416f05ff739cadb86f563e6a5b7c545555ef08de8b60c26ac2a44a9df3a798221bcdc8886e361b28f43612b20bb7ef82b5a4d6204c5b950b665b97457c6c0620

Download Submit
C:\Windows\SysWOW64\mm.vbs

Filesize
177B

MD5
9118600d0923dc4b21f771f4fb600cce

SHA1
48aae5db2524d83116b42eba213581ddd56a788b

SHA256
e393f9e103d65052d651f294c0756a04c004fde40121cd103ad26761326810e6

SHA512
bd22fd53723f906ed3ef237ea6fe40f88d93ffa7b2f4c890a445cb18b3afc39296c7659dc769df7897d9c26bba88f63865966aad01cac80612404977141afeba

Download Submit
C:\Windows\SysWOW64\mm.vbs

Filesize
177B

MD5
585361c46ce0e1453cbb19111f151d8f

SHA1
711363f219266f308fba2ef28442ccb5fa92dba0

SHA256
67c534dada56af30f25b86f8bd01f749bd61f4052e15b19426de4768fb41246e

SHA512
db8de2b7589f74727f57638be1339fd37f63f853b105a4e7791cfffe8de024b58515689504002583e854aad7185fc71f3ed8c2eda0f430a9ec761ccb8a913867

Download Submit
C:\Windows\SysWOW64\mm.vbs

Filesize
177B

MD5
3769a69741487fcb1aea055d3f4d4b2c

SHA1
cdaf4e00573353b6c1663f65422427433f1bed30

SHA256
4c6a1b5dfc9df516a1c0d5742825bd76a8979faff14b275d26e4f7d5da801490

SHA512
3d9f577a272816ce37c073d79364027f5c24ee19bbee99536275a72cc1b4e73be57386e9d8b24c6c85e0aec61a9c51f5c8da9948641891b295da06872b9310e6

Download Submit
C:\Windows\SysWOW64\mm.vbs

Filesize
177B

MD5
df0dc8babb74bc01683df4d1e14de851

SHA1
09a5eef7cf42927bfd6ab1a8a5fc6993b783d614

SHA256
3d2e04f6191b5b1a6cd0a7d2e11daec2d7fa2d2d3aed78fe20b0a9536e53b176

SHA512
91c9b97609f5daf0d289ceda93238da94b6a5e6d55776b3f4bc84af4f3dcc9dbfeb934fac6eb585bf759d2f8b8e84cd07bf3527ff204c0757999bb0d70b254fb

Download Submit
C:\Windows\SysWOW64\mm.vbs

Filesize
177B

MD5
ccff3caa962ed349c7ba9b09c3e89a5f

SHA1
f37c9d2a86dba5c1c735c886152db5c90bf48542

SHA256
c1c45af239f4daca39851c5cc3fd9c7c5513d3e3064b06af936505b065602709

SHA512
7e5fb06c868359f369e632cedc4e53a55bb68893f32cf94a6224f9fd0aa30fcf1b0b7e44b239df3d3d19664caf48c5c03b8321e54587d259d5e5e1ea20c1e579

Download Submit
C:\Windows\SysWOW64\mm.vbs

Filesize
177B

MD5
51a4af373082d28467a88a11878ab2bd

SHA1
be616577b712c9bb77c47f58c6fda4c09a750d38

SHA256
ba228945763f5142fce458402e74a2665ba88f7c4ab13949b6f7e3ee1abc3062

SHA512
2775d3c140a1e3cf6a724693ee5080eccb60417071ff4241ee782221eafc5769222265c9ffb6a541cc30e5094620cb48349e83fdc18604598a36f6845e7c1371

Download Submit
C:\Windows\SysWOW64\mm.vbs

Filesize
177B

MD5
32717e6dbf382d1003d122e9f45991db

SHA1
ca3a426989be0a462095701d95de0db2a62abd67

SHA256
3e57e33b24ca9d3479ac219054fb8cca6b3c2587616b649ca5a7801e913ec29c

SHA512
eb9041af79b6555c883ff8ee73cf5bce233f737bf0fce6d1c54c0f36090600c0cd336967721dd7de2c0c3d13feb7648a3f65b2636a141f94ff72a8ed08582e3b

Download Submit
C:\Windows\SysWOW64\mm.vbs

Filesize
177B

MD5
25b29b0fb20cd6d0253740c1060b9af1

SHA1
814fe51a0288feff5020319c33f8c43302ef3100

SHA256
7bc01add328a7eff9ced0bc660fa7798f0b592c708f0fd330a96ef6b01adc9f1

SHA512
67de40513267713e33f9dccebca4e85ec2dfbbdd42964fd1bd7273154c388b604bbeab50a1d16cce93a87ee89fd5e860b1fdf41cc3894aa2802a860bb539b4d6

Download Submit
C:\Windows\SysWOW64\mm.vbs

Filesize
177B

MD5
5b3ad40d57e5aa163d43889194f61503

SHA1
83be319573936e38a141fe4e1ce92acbedb14e84

SHA256
d48ed2c6072263a59167173687107e0bcad2d6528475f1cc72d5f544d96afeae

SHA512
a970194156ea675791a2ae2971f47e6daa3efe0308daf82a1ffb0c726f1a6755096b934d2ea5664d73095ede22eca6de6c7e15630082e6f0a89b9bb4abc31b8b

Download Submit
C:\Windows\SysWOW64\mm.vbs

Filesize
177B

MD5
4dd68c8f12436506e12ca44bad6e621e

SHA1
7211753cfb6924c365b1bc9bde17b5fdb7d8f7f7

SHA256
b28a59fcce07b8b8a156a367d90a5df3de60dce242da39625709d56592869b00

SHA512
85340597264197618b9a097009e1b903905e2a3f5eccb8ce4ea8860195945dcc72f344fa2d2f66a961f238da9d6a7a3f1f79ff37e3bad8e695d537281ce4d0d1

Download Submit
C:\Windows\SysWOW64\mm.vbs

Filesize
177B

MD5
0e69b24b764c28a0f239c0231aea6c8a

SHA1
065e1d04ae597457b4941a27302b707b37355e97

SHA256
6277504fa8850329a3b021f7c95b33c5804414c58e689dd48e13b989680cb308

SHA512
e5662acd28ac6d735a3f103000e299a297643bc98d0ba27b1e0ac36c28a54d0aa8ca52f8797386b78f2aa95c9bd4f9303c45416741d18358dbd23a48c230a58b

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
6KB

MD5
60cd6cf1c80611e4ab5dc4d1c3983b1c

SHA1
57f4633033f0d4f97830ac49c794645f5dec19bd

SHA256
12da5e5104f0da02f93f7a598cfd88fe5f02fa71c316f9049ac3b2632f454d75

SHA512
26ff433bfe1c99cdf58bc48434aabcf21efcff6ee1f288a9b4c823112b9cd0e4d950759fc8ad64007e67d0530edc25b6eabe5d65c8bd6fd3cac1d1bbc8de949e

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
6KB

MD5
de3ef479a53cd2c8997323686bc01c46

SHA1
832176d47421800102f30053647b978ad674ed06

SHA256
beb1da46d6dbc2a836fc24edfdf5a2fb843b0be85842260d84f279fd3f3f5e80

SHA512
91d78abf1929bf0b3a099940c9d17c9dbb588dd1aaadc7aa8e9ef443e0fb65249aef6821f921dabe6fc8324d19b06e0b759f402d4deac632a65729ad88ffc1c1

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
7KB

MD5
83e07cdd3bc3382158ece3529f502be2

SHA1
9b504103426e58df2ba805b526ca97d7f9892b36

SHA256
54ea2884bbd53f159ef961d44816be19e2aacc112050e66fe6c71d96942f3cbc

SHA512
3bd8dce3b45557be047ea6ebba37aefe18fdea0abd02d9fa365d57d072979a0b27764832a0b921ecf047ce90be42cb9798108c2fd84c49f32281f0217ce5bbcf

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
8KB

MD5
304d2cae740cbd2ef9c50c771c157346

SHA1
a773824041a9c9fdf6c37e6fb0dce927c1c30309

SHA256
db719fae58451b8ef55479ac185917c42794ae459cf4bde2ba64912dcabada6b

SHA512
4bcfe631db71008a9fad137ec95d80778eb02a4ef68f94f30d98c036b43e10e438e1ed85b9f39fa104937ac853fb788b230110231ce9ec32d2145cd089963913

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
2KB

MD5
ae16116e642f43f0b545d7e2deec0110

SHA1
b063bcf11cee30894d641cad9a1fea6a52f5e3fc

SHA256
ecc022c3540a0cf4d7023b7f97f52228d6325ea9a8082ba1e1a2dc4b033f3a84

SHA512
c95b04fcceb2e15dcc326ed40d1595c1e9ba33ed3759bbabf14f72fddf52bdbddb396ba4adf39c308a7132e416de305fbe2a486624f750319dcb0e897202dfd2

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
3KB

MD5
6ed494bbe633c76f5939c3524f01ae9f

SHA1
69fb018fb95fec286f112b05edee401a2258de18

SHA256
857fb50caca1d95ab13dca91be84e65bd938aa716f55d4085f3c1f1be36fc631

SHA512
b99da4ca3efb6e874ad4ec22276ff9a004aa0a2d479a47d7c10a2b466dcaf5125b19bd80c5d749c254463c0e4cd4cee6eead4ae7504357036b276302eadfbfc7

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
4KB

MD5
d36ffc06b85061d59b754ae1916e8161

SHA1
cf6e426d5ae08cad23a1e188ec9ffb4695604337

SHA256
b0c6a7725ae033bea5db66d5cb7acc69394848accbbee20f03ec16ac985dceb2

SHA512
9406e9e797d175f158bbd511f8670aeeb6951909b0963526f71b1ad5d8d0ba9e5998dcc95821a80490ee359b7f3fbfbf5c02f05702009281f5fc6f8027e95b5c

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
1KB

MD5
ba4103bb8812cd9a9a660eaf021331b4

SHA1
5ddac554387c0473221a0d439dd215ec63cc27e8

SHA256
29e4f939add2b498f8e971abf75ce08cd331defebbb09bc2d4d9938ebb057eec

SHA512
504dc168463adc12591dbf79c1e9e63b5aa19b99be94de8f92e060a5dd1490b8420952cf9f688f9824bfbb2e973a659207e9204db3ccf92f94c78b3b8099a704

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
5KB

MD5
e0e640d0ac568ab293eae11454bc077c

SHA1
826fc7dce2ccc3cacc5a96c7d35fb4d65e8f5944

SHA256
32e323161aeb69f21737815b37bfa3944addc28a21de9edb636d2075beba6c8c

SHA512
f15278b10f5f54c47b7dcf5ea8b1923bfa6019a4e4613329e4e62f06d589d2babc43e0e0402f323e758f8ace7e6adb698a66ee8810834dee0a16060836fb37a4

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
5KB

MD5
c6f3791fcb6c9eaa124a4b1103efd9ad

SHA1
76d3302deae23abdc390170b0e98f12f5b96a691

SHA256
d2fabf7e8f870bda4557340c2670f710c17b5cf2611c043dc040eb6086a34e7d

SHA512
2849240e92e172fdc182cfbe31e46bf4900df3e1e87282dc4f07da73e806f8ddbddb635c4bfa4338d3dc26896532af1d619dd68e1bfda72169760dc9f88d900c

Download Submit
memory/400-393-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/408-442-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1188-326-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1256-304-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1300-283-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1300-1427-0x0000000000620000-0x0000000000621000-memory.dmp

Filesize
4KB

Download
memory/1320-370-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1524-462-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/2012-418-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/2340-325-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/2444-352-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/2612-461-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/2720-350-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/2848-395-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/2860-369-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/3380-396-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/3528-443-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/3612-463-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/3640-328-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/3644-349-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/3940-351-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/4044-485-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/4288-371-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/4404-353-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/4432-419-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/4504-444-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/4620-460-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/4668-397-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/4704-372-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/4720-420-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/4888-394-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/4976-327-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/5008-441-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download