7c62584469ed5beb83cefcd253db91ac7a05fe64dfde243e38fdf458d2cfc82d

Analysis

max time kernel
15s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12-10-2024 11:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
Size

1.0MB
MD5

39b5065b0729aaea67075e1ef3ae1763
SHA1

10393d80ea0fbea8438dfa641cc1303632d3eb77
SHA256

7c62584469ed5beb83cefcd253db91ac7a05fe64dfde243e38fdf458d2cfc82d
SHA512

af480b08a8ec8a39efac94c562bb88d0aaf3ba06f11cfaf26edce507141d4606bed6da5b37aab89f2b636aaecda60a0f4ea27155bb32c2ac0581f15ad98a8fb5
SSDEEP

24576:2WjI0DtCJZKU7A9pIfcewtCAI4kR9Rkuhh6wryFR:z80D4h71aHI4kRrbhh6wWD

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File opened (read-only)	\??\M:	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File opened (read-only)	\??\P:	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File opened (read-only)	\??\Q:	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File opened (read-only)	\??\Y:	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File opened (read-only)	\??\Z:	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File opened (read-only)	\??\A:	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File opened (read-only)	\??\E:	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File opened (read-only)	\??\I:	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File opened (read-only)	\??\J:	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File opened (read-only)	\??\R:	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File opened (read-only)	\??\T:	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File opened (read-only)	\??\W:	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File opened (read-only)	\??\H:	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File opened (read-only)	\??\K:	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File opened (read-only)	\??\O:	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File opened (read-only)	\??\S:	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File opened (read-only)	\??\X:	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File opened (read-only)	\??\B:	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File opened (read-only)	\??\L:	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File opened (read-only)	\??\N:	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File opened (read-only)	\??\U:	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File opened (read-only)	\??\V:	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\FxsTmp\italian cumshot [bangbus] .zip.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\trambling horse [free] .avi.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\swedish beast bukkake public hole redhair .mpeg.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\config\systemprofile\german cumshot fetish hot (!) high heels .mpeg.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\SHARED\german cumshot gang bang girls ash ¼ë (Curtney,Christine).mpg.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\config\systemprofile\animal [milf] (Britney).mpeg.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\black horse several models .mpg.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\handjob lesbian .mpg.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\SHARED\gay lesbian bedroom .zip.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\Temp\american trambling animal [milf] feet redhair .rar.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\FxsTmp\brasilian cumshot gay lesbian circumcision (Sonja).zip.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\danish gang bang handjob masturbation cock .rar.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe

Drops file in Program Files directory 17 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\Updates\Download\canadian blowjob uncut glans (Curtney,Gina).mpeg.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Update\Download\blowjob horse [free] legs .zip.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Templates\blowjob lesbian high heels .mpeg.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\gang bang voyeur beautyfull (Kathrin,Gina).rar.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\brasilian trambling public .avi.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\japanese animal public hairy .rar.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\french beastiality cumshot girls castration (Liz,Sonja).rar.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\italian cumshot big shower .zip.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\lingerie hidden hole ash .mpg.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\indian fetish full movie leather .avi.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\american beastiality xxx voyeur balls .zip.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\tyrkish gay cum big redhair .mpg.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\american porn trambling voyeur ash black hairunshaved .zip.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\action [bangbus] blondie .zip.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\african bukkake [milf] cock redhair (Jenna).mpeg.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\spanish kicking beastiality catfight (Sonja).rar.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Temp\american blowjob sperm [bangbus] young (Jenna,Samantha).mpg.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\african hardcore gay catfight bondage .rar.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\InputMethod\SHARED\tyrkish hardcore voyeur nipples .avi.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\security\templates\british beastiality big legs lady (Gina,Curtney).mpeg.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\cumshot lesbian .zip.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\swedish action lesbian .avi.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\russian action masturbation pregnant .mpeg.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\xxx fucking licking boobs .mpeg.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\norwegian xxx girls legs upskirt (Samantha,Samantha).zip.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\norwegian gang bang several models upskirt .avi.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\black beast gang bang catfight glans shoes (Sonja,Sandy).mpg.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\asian fetish big ejaculation .mpg.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\brasilian hardcore hardcore big femdom .zip.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\porn voyeur .avi.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\cum lesbian uncut glans shoes .mpg.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\italian lingerie beastiality [milf] (Karin,Sonja).avi.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\nude full movie hole .avi.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\hardcore catfight fishy .zip.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\brasilian cum hot (!) .avi.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\asian handjob lesbian licking legs (Sonja).mpg.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\spanish hardcore horse [milf] sm (Curtney,Christine).rar.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\black kicking blowjob [free] hotel .mpg.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\spanish lesbian lingerie hot (!) glans upskirt .zip.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\spanish gang bang lesbian several models .zip.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\gay kicking full movie feet 50+ .mpg.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\beast [milf] shower .rar.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\french blowjob fucking licking leather .rar.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\canadian lingerie girls latex .mpeg.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\spanish beastiality gay masturbation gorgeoushorny (Sonja).rar.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\spanish handjob trambling public boobs upskirt .rar.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\american porn fucking uncut Ôï (Sonja,Sarah).mpeg.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\indian sperm cum [bangbus] .mpeg.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\bukkake cum lesbian boots .rar.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\fetish trambling several models .zip.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\indian xxx [milf] circumcision .rar.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\tyrkish xxx action [milf] (Sylvia).mpg.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\Downloaded Program Files\blowjob nude voyeur .avi.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\asian bukkake action catfight beautyfull .zip.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\gang bang full movie YEâPSè& .zip.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\lesbian lesbian .mpeg.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\british hardcore [milf] young .zip.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\american action gay [milf] cock (Kathrin).mpeg.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\russian fucking porn catfight stockings (Sarah,Anniston).avi.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\indian nude beast big bondage (Gina,Britney).mpeg.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\lingerie cum licking mature (Sandy,Jenna).mpeg.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\spanish bukkake big .rar.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\lingerie porn uncut YEâPSè& .rar.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\italian bukkake [bangbus] cock .mpeg.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\sperm licking high heels (Britney,Sarah).avi.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\cumshot catfight ejaculation .mpeg.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\japanese sperm blowjob [free] vagina (Liz,Curtney).zip.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\gay nude licking (Christine,Ashley).rar.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\PLA\Templates\kicking lesbian .mpeg.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\kicking hardcore voyeur hole granny (Samantha,Ashley).mpeg.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\porn licking .mpeg.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\japanese fetish hardcore girls 40+ .mpeg.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\xxx several models leather (Sonja,Kathrin).mpeg.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\russian bukkake hot (!) (Janette).mpg.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\bukkake gang bang catfight (Tatjana,Sylvia).mpg.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\porn horse [milf] castration .zip.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\horse trambling girls upskirt (Anniston).rar.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\CbsTemp\spanish cumshot licking girly .avi.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\horse fetish several models legs .zip.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\canadian horse bukkake uncut circumcision .mpg.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\kicking beast catfight Ôï .rar.exe	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 20 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
412	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
412	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
5008	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
5008	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
412	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
412	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
972	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
972	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
388	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
388	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
412	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
412	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
5008	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
5008	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
4760	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
4760	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
1096	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
1096	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
972	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
972	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
412	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
4484	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
4484	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
412	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
3872	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
3872	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
5008	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
5008	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
388	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
388	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
2696	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
2696	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
1292	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
1292	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
972	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
972	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
412	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
412	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
2828	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
2828	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
4760	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
4760	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
1420	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
1420	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
4224	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
4224	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
5008	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
5008	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
1096	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
1096	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
2456	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
2456	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
388	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
388	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
4508	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
4508	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
4484	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
4484	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
3872	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
3872	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
2108	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
2108	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
556	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
556	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 412 wrote to memory of 5008	412	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	86
PID 412 wrote to memory of 5008	412	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	86
PID 412 wrote to memory of 5008	412	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	86
PID 412 wrote to memory of 972	412	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	87
PID 412 wrote to memory of 972	412	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	87
PID 412 wrote to memory of 972	412	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	87
PID 5008 wrote to memory of 388	5008	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	88
PID 5008 wrote to memory of 388	5008	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	88
PID 5008 wrote to memory of 388	5008	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	88
PID 972 wrote to memory of 4760	972	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	89
PID 972 wrote to memory of 4760	972	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	89
PID 972 wrote to memory of 4760	972	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	89
PID 412 wrote to memory of 1096	412	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	90
PID 412 wrote to memory of 1096	412	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	90
PID 412 wrote to memory of 1096	412	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	90
PID 5008 wrote to memory of 4484	5008	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	91
PID 5008 wrote to memory of 4484	5008	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	91
PID 5008 wrote to memory of 4484	5008	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	91
PID 388 wrote to memory of 3872	388	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	92
PID 388 wrote to memory of 3872	388	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	92
PID 388 wrote to memory of 3872	388	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	92
PID 972 wrote to memory of 2696	972	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	93
PID 972 wrote to memory of 2696	972	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	93
PID 972 wrote to memory of 2696	972	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	93
PID 412 wrote to memory of 1292	412	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	94
PID 412 wrote to memory of 1292	412	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	94
PID 412 wrote to memory of 1292	412	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	94
PID 4760 wrote to memory of 1420	4760	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	95
PID 4760 wrote to memory of 1420	4760	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	95
PID 4760 wrote to memory of 1420	4760	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	95
PID 5008 wrote to memory of 2828	5008	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	96
PID 5008 wrote to memory of 2828	5008	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	96
PID 5008 wrote to memory of 2828	5008	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	96
PID 1096 wrote to memory of 4224	1096	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	97
PID 1096 wrote to memory of 4224	1096	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	97
PID 1096 wrote to memory of 4224	1096	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	97
PID 388 wrote to memory of 2456	388	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	98
PID 388 wrote to memory of 2456	388	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	98
PID 388 wrote to memory of 2456	388	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	98
PID 4484 wrote to memory of 1692	4484	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	99
PID 4484 wrote to memory of 1692	4484	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	99
PID 4484 wrote to memory of 1692	4484	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	99
PID 3872 wrote to memory of 4508	3872	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	100
PID 3872 wrote to memory of 4508	3872	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	100
PID 3872 wrote to memory of 4508	3872	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	100
PID 972 wrote to memory of 2108	972	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	101
PID 972 wrote to memory of 2108	972	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	101
PID 972 wrote to memory of 2108	972	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	101
PID 412 wrote to memory of 556	412	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	102
PID 412 wrote to memory of 556	412	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	102
PID 412 wrote to memory of 556	412	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	102
PID 2696 wrote to memory of 5028	2696	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	103
PID 2696 wrote to memory of 5028	2696	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	103
PID 2696 wrote to memory of 5028	2696	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	103
PID 4760 wrote to memory of 1964	4760	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	104
PID 4760 wrote to memory of 1964	4760	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	104
PID 4760 wrote to memory of 1964	4760	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	104
PID 1292 wrote to memory of 3600	1292	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	105
PID 1292 wrote to memory of 3600	1292	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	105
PID 1292 wrote to memory of 3600	1292	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	105
PID 5008 wrote to memory of 1180	5008	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	106
PID 5008 wrote to memory of 1180	5008	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	106
PID 5008 wrote to memory of 1180	5008	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	106
PID 1096 wrote to memory of 3336	1096	39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe	107

C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:412
- C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:5008
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:388
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3872
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:4508
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        7⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        8⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        9⤵
        
        PID:19380
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        8⤵
        
        PID:12172
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        8⤵
        
        PID:13948
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        8⤵
        
        PID:19112
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        7⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        8⤵
        
        PID:15504
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        8⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        7⤵
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        8⤵
        
        PID:19332
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        7⤵
        
        PID:16076
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        7⤵
        
        PID:14904
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        7⤵
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        7⤵
        
        PID:11980
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        7⤵
        
        PID:14028
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        7⤵
        
        PID:18176
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        7⤵
        
        PID:11208
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        7⤵
        
        PID:14196
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        7⤵
        
        PID:19216
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:7956
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:11360
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:14380
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:18976
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:1100
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        7⤵
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        8⤵
        
        PID:19348
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        7⤵
        
        PID:12128
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        7⤵
        
        PID:13980
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        7⤵
        
        PID:19144
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        7⤵
        
        PID:15548
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        7⤵
        
        PID:19056
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:9900
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:15740
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:19264
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:4928
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        7⤵
        
        PID:21248
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:11996
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:13852
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:18104
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:6024
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:11216
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        7⤵
        
        PID:21240
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:14188
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:19136
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:7940
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:11020
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:11404
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:14124
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:5876
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:1352
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        7⤵
        
        PID:9500
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        8⤵
        
        PID:19364
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        7⤵
        
        PID:16084
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        7⤵
        
        PID:9228
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        7⤵
        
        PID:16012
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        7⤵
        
        PID:14408
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        7⤵
        
        PID:21256
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:15532
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:3080
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:8412
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:11944
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:13988
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:18096
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:6048
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:10864
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        7⤵
        
        PID:19288
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:14372
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:18992
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:7932
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:11600
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:14140
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:6160
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:5592
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:8988
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:12028
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:13860
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:5788
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:7100
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:15632
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:19176
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:9720
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:9728
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:16140
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:7744
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:4636
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:7172
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:10372
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:19308
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:14832
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:19104
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:6008
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:10844
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:9600
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:15020
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:19032
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:7972
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:15160
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:11388
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:14116
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:7276
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4484
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:1580
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        7⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        7⤵
        
        PID:16132
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        7⤵
        
        PID:15996
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        7⤵
        
        PID:19192
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:9856
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        7⤵
        
        PID:9452
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:15776
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:19072
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:4184
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:7964
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:11444
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:14100
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:5880
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:6000
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:10884
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        7⤵
        
        PID:14472
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:13740
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:19240
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:7872
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:14468
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:11628
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:14076
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:20108
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:8964
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:12136
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:13996
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:19096
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:6972
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:15524
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:19224
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:9884
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:11028
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:5108
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:19160
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:8912
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:12004
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:13836
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:18056
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:5968
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:10900
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:9512
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:12536
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:19232
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:7808
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:14344
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:10788
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:19296
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:14212
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:7364
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2828
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:4600
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:5832
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        7⤵
        
        PID:19724
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:13892
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:18048
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:7092
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:15496
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:19532
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:9712
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:19356
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:16052
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:19048
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:8944
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:12012
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:13844
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:18080
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:5984
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:11224
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:14172
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:19016
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:7856
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:11148
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:7888
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:13868
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:18064
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    PID:1180
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:6344
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:12624
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:13924
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:6240
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:7108
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:864
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:6996
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:9892
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:15988
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:19184
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    PID:1248
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:8928
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:12108
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:14060
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:20200
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    PID:6080
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:10892
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:14220
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:14984
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    PID:7924
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    PID:11668
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    PID:14068
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    PID:18152
- C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:972
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4760
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1420
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:1756
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        7⤵
        
        PID:9220
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        7⤵
        
        PID:12608
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        7⤵
        
        PID:13916
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        7⤵
        
        PID:18136
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        7⤵
        
        PID:16020
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        7⤵
        
        PID:19128
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:9868
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:14636
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:19256
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:3472
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:8724
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:11908
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:13964
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:18184
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:6056
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:11240
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:13876
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:18072
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:7988
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:9812
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:11396
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:14092
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:18968
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:5908
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        7⤵
        
        PID:19324
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:15292
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:19040
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:7076
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:14540
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:6912
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:9876
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:14664
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:13728
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:19008
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:8904
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:11952
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:14012
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:18960
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:6072
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:11232
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:13884
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:18088
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:8012
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:11376
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:14148
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:7320
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2696
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:5028
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:5584
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:9312
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        7⤵
        
        PID:8620
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:12724
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:13900
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:18160
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:6940
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:13828
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:19024
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:9484
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:16068
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:19080
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:5100
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:8740
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:11900
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:13972
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:18984
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:6016
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:10956
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:14388
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:14228
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:7332
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:7996
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:11432
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:14108
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:19152
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2108
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:5560
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:9304
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:21460
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:12616
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:13908
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:8224
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:6848
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:16028
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:19064
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:9536
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:16092
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:9584
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    PID:1824
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:8880
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:21272
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:12020
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:13956
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:18028
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    PID:6032
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:10876
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:14236
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:19652
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    PID:8004
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    PID:11412
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    PID:13812
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    PID:18016
- C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1096
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:4224
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:5480
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        7⤵
        
        PID:21264
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:11928
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:14052
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:19000
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:6668
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:16036
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:19088
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:9404
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:21232
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:16108
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:2436
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:7880
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:9864
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:8520
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:14004
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:18120
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:6040
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:10804
      - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        6⤵
        
        PID:19340
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:15136
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:19200
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:7980
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:11620
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:14084
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:18952
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    PID:3336
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:5632
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:9124
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:12144
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:13940
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:18144
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:6964
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:16004
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:14912
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:9572
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:19372
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:16060
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:19272
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    PID:1048
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:8488
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:15628
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:11856
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:14044
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:18112
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    PID:5976
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:11060
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:11044
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:14204
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:7204
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    PID:7848
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    PID:11304
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    PID:14180
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    PID:7352
- C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1292
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    PID:3600
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:5552
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:8956
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:11936
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:14036
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:19208
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:6736
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:13820
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:18036
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:9476
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:19316
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:16100
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    PID:436
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:8304
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:11884
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:14020
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:18128
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    PID:6088
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:11008
    - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
        5⤵
        
        PID:17232
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:13760
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:19248
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    PID:7864
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    PID:3344
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    PID:14156
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    PID:14312
- C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:556
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    PID:5576
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:8972
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:11988
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:13932
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:18168
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    PID:6948
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:15980
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:19168
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    PID:9680
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    PID:16044
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    PID:19120
- C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
  2⤵
  PID:1812
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    PID:7840
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:10964
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    PID:11296
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    PID:14164
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    PID:7328
- C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
  2⤵
  PID:6064
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    PID:10832
  - - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
      4⤵
      PID:7252
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    PID:13744
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    PID:19280
- C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
  2⤵
  PID:7948
- - C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
    3⤵
    PID:14916
- C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
  2⤵
  PID:11368
- C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
  2⤵
  PID:14132
- C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\39b5065b0729aaea67075e1ef3ae1763_JaffaCakes118.exe"
  2⤵
  PID:5860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\gang bang voyeur beautyfull (Kathrin,Gina).rar.exe

Filesize
386KB

MD5
212f60e51acf0816cdc47a35fd63c4a3

SHA1
c2ada6d89b9ea980e4ab075e614c192ce7304827

SHA256
33ec35713ef2f6017a6c6e7d3900ee97c3524961028a0492605d5432d9b4b663

SHA512
1bc0aa25d98fa0898f8798e07bd35128da8b18ad56bdcaa0a9b3a7e877a982df0d2c0239352a351000b82cfc806110457f600f35d38cd0e12e2e2b9c06d2861e

Download Submit
C:\debug.txt

Filesize
146B

MD5
460037a30a7b3bb02989cf290e5a3265

SHA1
08c487ef59aba0598f91ae601f8c591e8d1641b0

SHA256
620ccb40bd490231b9666d21cb8084a2d4152e9ac39118e09e510a6d1659a7d0

SHA512
2468ea5f3e24c05dc9ec5c53d0d7326b7dd4868b503d2b9bb71e179a90a8363f9f3a29e3125dc4ddbd02374b64f6f15382aaf7099745725994bbb803ec722633

Download Submit