d52e02bf27cabfc0488f1095b57e047af134c2ea3d294252129c76421474af10

Analysis

max time kernel
140s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03-10-2024 09:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
Size

1.9MB
MD5

0eea439204912dcd0acec580d1959c02
SHA1

0f537e7a2fcae45afac64de9e9d72f30547e0073
SHA256

d52e02bf27cabfc0488f1095b57e047af134c2ea3d294252129c76421474af10
SHA512

1d99462c05dc56c63f907836890f1b900f27527b4325583237ed2cbec90d4b8ffc66613e61b84877fd2677c6dab2babbdf22825602d1137a5a193fe97b9515cd
SSDEEP

49152:zXymLk8tc70F/LZcskx4iPX9P34ht5SYhwgjIF19x7:77tc7S9iOsY5IF17

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 10 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\M:	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File opened (read-only)	\??\O:	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File opened (read-only)	\??\B:	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File opened (read-only)	\??\G:	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File opened (read-only)	\??\H:	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File opened (read-only)	\??\I:	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File opened (read-only)	\??\K:	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File opened (read-only)	\??\L:	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File opened (read-only)	\??\Q:	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File opened (read-only)	\??\S:	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File opened (read-only)	\??\T:	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File opened (read-only)	\??\W:	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File opened (read-only)	\??\X:	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File opened (read-only)	\??\A:	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File opened (read-only)	\??\N:	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File opened (read-only)	\??\Y:	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File opened (read-only)	\??\Z:	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File opened (read-only)	\??\E:	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File opened (read-only)	\??\J:	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File opened (read-only)	\??\U:	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File opened (read-only)	\??\V:	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File opened (read-only)	\??\P:	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File opened (read-only)	\??\R:	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\FxsTmp\gang bang [milf] .rar.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\FxsTmp\asian hardcore voyeur girly .mpeg.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\Temp\german trambling handjob lesbian ash (Jade,Gina).mpeg.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\SHARED\horse porn [free] wifey .rar.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\asian lesbian hot (!) stockings .mpg.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\black action [bangbus] ash boots (Sonja,Sylvia).avi.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\danish hardcore girls circumcision .mpg.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\config\systemprofile\lesbian gang bang licking glans gorgeoushorny .zip.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\SHARED\hardcore voyeur 40+ .mpg.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\config\systemprofile\black cumshot xxx [bangbus] .avi.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\black horse masturbation (Sonja).avi.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\indian kicking gang bang hot (!) .mpg.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\beastiality full movie legs girly .mpg.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Update\Download\xxx beastiality [milf] feet gorgeoushorny (Sonja,Liz).avi.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\italian fucking girls .zip.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\chinese beastiality nude hidden titts .avi.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\british cumshot cumshot catfight titts .rar.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\russian blowjob several models titts .avi.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\fetish horse public bondage (Christine,Karin).mpeg.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\blowjob fetish lesbian feet gorgeoushorny (Sonja,Christine).mpg.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Temp\russian sperm uncut boots (Sandy).rar.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Templates\brasilian cumshot fucking hidden high heels .mpeg.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\russian blowjob bukkake catfight nipples 50+ .rar.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\malaysia fucking hardcore [free] nipples .rar.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\danish porn trambling voyeur legs girly .mpg.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\gay hot (!) .mpg.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\african kicking public .mpg.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\trambling hot (!) penetration (Anniston).zip.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft\Temp\animal girls black hairunshaved .avi.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\malaysia lesbian [free] 50+ (Gina,Sylvia).mpg.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe

Drops file in Windows directory 28 IoCs

description	ioc	Process
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\kicking hot (!) boobs .avi.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Windows\CbsTemp\danish gay bukkake several models traffic .mpg.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\japanese bukkake beast public nipples .zip.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\kicking catfight glans girly (Sylvia).avi.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\action gang bang public ash .avi.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\action lesbian sleeping black hairunshaved .mpg.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\canadian hardcore catfight penetration .zip.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Windows\security\templates\handjob full movie circumcision .mpeg.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Windows\mssrv.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\chinese hardcore [milf] legs .zip.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\bukkake fetish [bangbus] black hairunshaved .mpg.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Windows\assembly\tmp\african action porn big .mpeg.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\brasilian gay beast catfight feet (Liz,Britney).mpeg.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Windows\PLA\Templates\japanese lesbian catfight .avi.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\norwegian hardcore girls hairy .rar.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\fucking beast [free] sweet .avi.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Windows\assembly\temp\japanese horse several models nipples traffic .mpeg.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\norwegian lesbian xxx full movie ash .mpeg.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\asian horse hot (!) (Karin,Christine).avi.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\british gang bang trambling public .mpeg.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\spanish blowjob kicking licking mature .zip.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Windows\Downloaded Program Files\horse uncut boobs fishy (Tatjana).avi.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\black blowjob fucking hidden hotel (Samantha,Jenna).avi.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\danish fucking nude voyeur .mpeg.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\german horse full movie femdom .zip.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Windows\InputMethod\SHARED\swedish kicking kicking [free] .zip.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\animal [bangbus] penetration .mpg.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
File created	C:\Windows\SoftwareDistribution\Download\beastiality full movie .avi.exe	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 14 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 62 IoCs

pid	Process
2384	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
2384	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
216	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
216	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
2384	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
2384	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
3788	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
3788	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
4364	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
4364	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
216	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
216	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
2384	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
2384	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
2080	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
2080	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
2876	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
2876	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
1660	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
1660	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
3788	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
3788	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
216	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
216	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
2384	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
2384	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
556	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
556	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
4364	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
4364	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
3172	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
3172	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
3304	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
3304	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
3788	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
3788	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
4840	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
4840	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
216	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
216	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
2384	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
2384	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
2080	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
2080	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
5044	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
5044	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
3008	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
3008	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
4364	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
4364	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
1684	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
1684	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
3568	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
3568	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
2876	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
2876	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
3212	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
3212	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
1660	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
1660	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
556	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
556	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 216	2384	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	82
PID 2384 wrote to memory of 216	2384	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	82
PID 2384 wrote to memory of 216	2384	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	82
PID 216 wrote to memory of 3788	216	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	83
PID 216 wrote to memory of 3788	216	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	83
PID 216 wrote to memory of 3788	216	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	83
PID 2384 wrote to memory of 4364	2384	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	84
PID 2384 wrote to memory of 4364	2384	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	84
PID 2384 wrote to memory of 4364	2384	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	84
PID 3788 wrote to memory of 2080	3788	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	85
PID 3788 wrote to memory of 2080	3788	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	85
PID 3788 wrote to memory of 2080	3788	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	85
PID 216 wrote to memory of 2876	216	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	86
PID 216 wrote to memory of 2876	216	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	86
PID 216 wrote to memory of 2876	216	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	86
PID 2384 wrote to memory of 1660	2384	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	87
PID 2384 wrote to memory of 1660	2384	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	87
PID 2384 wrote to memory of 1660	2384	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	87
PID 4364 wrote to memory of 556	4364	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	88
PID 4364 wrote to memory of 556	4364	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	88
PID 4364 wrote to memory of 556	4364	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	88
PID 3788 wrote to memory of 3172	3788	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	89
PID 3788 wrote to memory of 3172	3788	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	89
PID 3788 wrote to memory of 3172	3788	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	89
PID 216 wrote to memory of 3008	216	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	90
PID 216 wrote to memory of 3008	216	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	90
PID 216 wrote to memory of 3008	216	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	90
PID 2384 wrote to memory of 5044	2384	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	91
PID 2384 wrote to memory of 5044	2384	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	91
PID 2384 wrote to memory of 5044	2384	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	91
PID 2080 wrote to memory of 3304	2080	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	92
PID 2080 wrote to memory of 3304	2080	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	92
PID 2080 wrote to memory of 3304	2080	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	92
PID 4364 wrote to memory of 4840	4364	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	93
PID 4364 wrote to memory of 4840	4364	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	93
PID 4364 wrote to memory of 4840	4364	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	93
PID 2876 wrote to memory of 1684	2876	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	94
PID 2876 wrote to memory of 1684	2876	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	94
PID 2876 wrote to memory of 1684	2876	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	94
PID 1660 wrote to memory of 3568	1660	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	95
PID 1660 wrote to memory of 3568	1660	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	95
PID 1660 wrote to memory of 3568	1660	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	95
PID 556 wrote to memory of 3212	556	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	96
PID 556 wrote to memory of 3212	556	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	96
PID 556 wrote to memory of 3212	556	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	96
PID 3788 wrote to memory of 3876	3788	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	99
PID 3788 wrote to memory of 3876	3788	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	99
PID 3788 wrote to memory of 3876	3788	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	99
PID 3172 wrote to memory of 1040	3172	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	100
PID 3172 wrote to memory of 1040	3172	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	100
PID 3172 wrote to memory of 1040	3172	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	100
PID 2384 wrote to memory of 1496	2384	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	101
PID 2384 wrote to memory of 1496	2384	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	101
PID 2384 wrote to memory of 1496	2384	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	101
PID 216 wrote to memory of 1600	216	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	102
PID 216 wrote to memory of 1600	216	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	102
PID 216 wrote to memory of 1600	216	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	102
PID 2080 wrote to memory of 2032	2080	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	103
PID 2080 wrote to memory of 2032	2080	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	103
PID 2080 wrote to memory of 2032	2080	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	103
PID 4364 wrote to memory of 4716	4364	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	104
PID 4364 wrote to memory of 4716	4364	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	104
PID 4364 wrote to memory of 4716	4364	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	104
PID 3304 wrote to memory of 1500	3304	0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe	105

C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:216
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3788
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2080
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3304
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        8⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        9⤵
        
        PID:20844
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        8⤵
        
        PID:13668
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        8⤵
        
        PID:19820
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        8⤵
        
        PID:15188
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        8⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:10660
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        8⤵
        
        PID:12996
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:15300
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:5760
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        8⤵
        
        PID:15656
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        8⤵
        
        PID:10064
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        8⤵
        
        PID:9140
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:14464
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:20752
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:11000
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        8⤵
        
        PID:15608
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:15808
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:11568
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:8220
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:17348
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:24228
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:11392
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:24532
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:16268
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:23024
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        8⤵
        
        PID:21108
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:12680
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:17972
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:20032
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:15732
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:11488
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:6376
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:15168
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:5124
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:1444
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:15404
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:10644
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:10824
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:15416
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:7888
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:6268
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:9744
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:21308
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:13832
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:19904
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:8092
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:17616
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:13084
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:11432
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:16444
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:15348
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3172
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:1040
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        8⤵
        
        PID:12236
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        8⤵
        
        PID:17108
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        8⤵
        
        PID:23824
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        8⤵
        
        PID:19096
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:12552
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:18216
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:21812
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:9932
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        8⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:14156
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:20576
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:16984
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:4332
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:11468
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:16432
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:15476
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:11844
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:16804
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:11684
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:8572
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:19076
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:11900
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:16812
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:15340
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:6160
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:21116
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:13660
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:19752
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:7928
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:17196
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:23864
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:11512
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:24572
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:16452
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:22000
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:3876
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:4444
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        8⤵
        
        PID:21360
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:14024
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:20456
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:17756
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:23984
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:11360
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:24564
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:16220
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:22984
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:6112
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:10444
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:10952
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:15148
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:4640
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:7940
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:17188
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:23856
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:11376
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:16408
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:15344
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:6520
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:10436
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:9948
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:14992
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:21824
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:8556
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:19152
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:12000
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:16920
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:19556
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:6104
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:9600
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:20868
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:13608
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:19812
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:7732
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:17148
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:23992
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:11100
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:13000
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:16184
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:22960
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1684
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        8⤵
        
        PID:20888
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:13528
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:19828
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:16080
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:22720
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:10652
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:12480
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:15572
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:8032
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:19560
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:12672
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:18208
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:6832
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:12780
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:18332
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:24664
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:9372
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:20352
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:13364
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:19668
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:2788
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:5704
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:9404
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:20860
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:13592
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:19736
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:7432
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:16044
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:22728
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:10900
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:24508
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:15544
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:9364
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:992
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:7584
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:17140
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:24556
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:11276
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:5656
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:15960
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:22692
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:6476
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:11812
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:16688
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:19232
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:8564
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:19120
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:11892
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:16796
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:19248
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:3008
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:5832
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:20836
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:12632
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:18288
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:24656
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:7408
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:17172
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:24548
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:10984
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:12940
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:15764
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:11444
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:5312
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:8832
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:19104
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:12404
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:17688
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:21756
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:7064
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:14408
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:21332
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:10228
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:8120
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:14340
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:21036
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    PID:1600
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:9064
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:19112
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:13044
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:18812
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:6952
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:14376
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:21352
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:10144
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:6920
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:14164
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:20600
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    PID:5072
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:7056
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:15196
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:6236
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:10236
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:5128
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:14360
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:20676
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    PID:6260
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:10032
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:21300
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:14304
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:21044
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    PID:8280
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:17124
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:23880
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    PID:11536
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    PID:16468
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    PID:15708
- C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4364
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:556
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3212
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        8⤵
        
        PID:21064
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:13616
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:19760
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:17056
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:23888
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:11056
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:12864
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:15816
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:22700
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:5608
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:20896
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:13600
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:19744
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:7072
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:14416
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:21368
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:7148
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:5144
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:14392
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:20716
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:5924
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:9124
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:20852
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:12972
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:18592
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:7440
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:16072
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:22800
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:11368
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:21232
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:16228
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:22976
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:8860
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:19204
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:12544
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:18224
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:6824
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:12504
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:18200
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:9380
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:21316
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:13584
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:19896
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:4840
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:4900
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:5856
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:9116
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:20760
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:12536
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:18500
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:25004
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:7540
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:17132
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:24488
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:10992
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:12860
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:15772
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:11320
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:5320
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:8812
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:19516
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:12420
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:17720
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:13128
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:6872
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:13076
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:18944
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:9752
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:21424
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:13840
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:19836
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    PID:4716
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:5744
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:9176
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:19804
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:3580
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:19568
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:7280
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:17092
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:23816
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:10892
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:6736
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:15500
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:8160
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    PID:2960
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:7124
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:14868
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:21696
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:10484
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:22948
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:15032
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:22004
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    PID:6296
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:10196
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:8080
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:14244
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:20704
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    PID:8228
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:19464
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    PID:11544
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    PID:16676
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    PID:18484
- C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1660
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3568
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:5848
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:9344
        
        C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        7⤵
        
        PID:20724
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:13392
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:19616
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:7464
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:17164
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:23872
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:10884
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:12728
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:15596
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:9212
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:5600
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:8844
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:19196
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:12952
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:18652
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:7288
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:15740
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:3284
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:10472
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:3276
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:14752
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:21444
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    PID:4820
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:9912
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:20876
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:14044
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:20468
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:7572
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:17156
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:24540
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:11116
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:23832
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:16156
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:23012
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    PID:5204
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:8752
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:19128
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:12188
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:17048
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:23896
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    PID:6708
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:12428
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:17712
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:20180
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    PID:9156
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:20132
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    PID:13252
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    PID:19432
- C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:5044
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:5780
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:9396
      - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        6⤵
        
        PID:21524
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:13504
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:19728
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:7420
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:16168
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:22968
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:10908
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:12936
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:15612
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:9368
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    PID:5328
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:8824
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:19144
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:12412
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:17748
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:13096
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    PID:6980
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:14352
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:20688
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    PID:10204
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:4240
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    PID:14384
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    PID:20696
- C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
  2⤵
  PID:1496
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    PID:5276
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:8704
    - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
        5⤵
        
        PID:19472
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:12220
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:17100
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:23808
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    PID:6672
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:12600
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:18240
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:21888
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    PID:8896
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:19136
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    PID:12560
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    PID:18232
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    PID:21780
- C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
  2⤵
  PID:3084
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    PID:7700
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:17116
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:23848
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    PID:11108
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:12848
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    PID:2536
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    PID:14312
- C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
  2⤵
  PID:6324
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    PID:10072
  - - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
      4⤵
      PID:21324
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    PID:14112
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    PID:20568
- C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
  2⤵
  PID:8148
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    PID:17180
- - C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
    3⤵
    PID:24000
- C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
  2⤵
  PID:11560
- C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
  2⤵
  PID:16556
- C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\0eea439204912dcd0acec580d1959c02_JaffaCakes118.exe"
  2⤵
  PID:2232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\chinese beastiality nude hidden titts .avi.exe

Filesize
497KB

MD5
f648accf32f7fd0ef1b671a0c3f2e88a

SHA1
b338b55ef03f08555127ad2b846a14a7f661a8b3

SHA256
5645f39d0824adc6ff998f4dd99d365e53e6e9cacec6ec4300f749aadd441566

SHA512
fbe42b23ba7541112789d6721bfd14961ec683bd564967bfdfefb06afb81492921310c23c9ae4c4336a5e156c773d692b65d4c8444416fa8e819a38521704450

Download Submit