183c3aa4b3bae521223bbaa06c0ef7b71d127df55aa7acce17bb19f2e4830022

Analysis

max time kernel
29s
max time network
149s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13/10/2024, 16:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Size

1.6MB
MD5

40cda495f5e27a530a9b023209f63559
SHA1

b5e944d38002dfd9c52f23aa33ff4ba7e74a453e
SHA256

183c3aa4b3bae521223bbaa06c0ef7b71d127df55aa7acce17bb19f2e4830022
SHA512

e8a6c40a2299b597c73a168c433f0d4c3710cc9e503e1875165265fffdd81b781d32f5ff809425a798d94bf83fae2cbf42f4f149e4ad2daa51c6580146731d4e
SSDEEP

49152:zWa/RN4elov/LHaU8Ffynsh2gVCxFEsFex4pbMtOcEt9nOeI/:aa5xFN2Osk4pzccRs

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File opened (read-only)	\??\J:	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File opened (read-only)	\??\P:	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File opened (read-only)	\??\W:	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File opened (read-only)	\??\B:	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File opened (read-only)	\??\E:	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File opened (read-only)	\??\S:	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File opened (read-only)	\??\V:	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File opened (read-only)	\??\X:	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File opened (read-only)	\??\Y:	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File opened (read-only)	\??\H:	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File opened (read-only)	\??\K:	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File opened (read-only)	\??\Q:	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File opened (read-only)	\??\R:	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File opened (read-only)	\??\T:	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File opened (read-only)	\??\N:	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File opened (read-only)	\??\O:	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File opened (read-only)	\??\L:	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File opened (read-only)	\??\M:	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File opened (read-only)	\??\U:	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File opened (read-only)	\??\Z:	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File opened (read-only)	\??\A:	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File opened (read-only)	\??\G:	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\System32\LogFiles\Fax\Incoming\african sperm trambling full movie ash .rar.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\config\systemprofile\swedish beast lesbian masturbation YEâPSè& .avi.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\shared\russian porn masturbation ash (Sylvia).mpg.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\hardcore masturbation .mpg.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\FxsTmp\gang bang [milf] shoes .avi.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\shared\danish action trambling uncut .mpeg.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\FxsTmp\russian trambling sperm licking vagina swallow .zip.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\config\systemprofile\brasilian action xxx lesbian mature (Gina,Sarah).mpeg.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\Temp\action fucking catfight .avi.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\canadian gay porn several models titts sweet .zip.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\tyrkish gay porn hidden legs .mpg.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\japanese trambling nude big circumcision .mpeg.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\bukkake lingerie uncut .avi.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\blowjob cumshot full movie gorgeoushorny (Tatjana).rar.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\danish beast sleeping .mpg.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\canadian lingerie uncut ash gorgeoushorny (Sarah,Jenna).mpg.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\fetish uncut bondage .mpeg.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\handjob beast big castration .mpeg.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\lingerie licking sm (Tatjana).rar.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Temp\animal full movie feet ejaculation .mpeg.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Update\Download\blowjob big .zip.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\handjob big legs penetration .mpeg.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Program Files\Windows Journal\Templates\blowjob masturbation boobs .zip.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\french horse action sleeping glans penetration .mpeg.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\african blowjob gang bang girls glans .rar.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\lesbian gay uncut vagina young (Jade,Sonja).mpg.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\african beast uncut ejaculation (Jade).avi.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\porn handjob [bangbus] (Janette).zip.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\asian fucking voyeur .zip.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\lingerie kicking licking bondage .zip.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\tyrkish beast [free] .mpeg.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\winsxs\Temp\german nude beastiality hidden boobs .mpeg.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\security\templates\danish kicking fucking several models boobs pregnant .mpeg.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\bukkake trambling uncut legs .zip.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\chinese bukkake lesbian glans gorgeoushorny (Sonja,Sylvia).avi.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\fucking action masturbation shoes .mpg.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\tyrkish animal hot (!) mature .zip.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\fetish bukkake several models circumcision (Sonja).mpg.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\lesbian bukkake public .mpeg.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\brasilian horse sperm big mature .mpg.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\indian cum catfight vagina swallow .avi.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\fucking sleeping redhair (Sarah,Christine).mpg.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\beastiality cumshot public boobs granny .zip.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\Downloaded Program Files\british gang bang public ash mature (Sarah,Jenna).avi.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\chinese cumshot xxx licking mistress (Sarah).zip.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\canadian action catfight ìï (Curtney).mpeg.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\german xxx fucking voyeur granny .mpg.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\porn sleeping 50+ (Karin,Liz).mpg.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\assembly\temp\malaysia blowjob public ash fishy (Curtney).rar.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\assembly\tmp\tyrkish xxx licking black hairunshaved (Britney,Tatjana).zip.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\sperm fucking [free] black hairunshaved .mpeg.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\brasilian porn sleeping traffic .zip.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\brasilian gang bang girls hairy .rar.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\sperm handjob [free] legs hotel .rar.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\blowjob [free] legs (Samantha).zip.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\handjob [milf] cock circumcision (Liz).avi.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\asian cumshot sleeping .mpg.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\spanish sperm xxx several models .rar.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\french action [bangbus] nipples .mpeg.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\gay licking blondie (Anniston).rar.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\horse sleeping mature .avi.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\black horse several models .avi.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\cumshot lesbian masturbation .rar.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\cum porn hot (!) vagina blondie .mpeg.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\PLA\Templates\cum horse full movie boobs latex .mpeg.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\french horse catfight young .avi.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\french hardcore hardcore several models boobs blondie .rar.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\black horse sperm voyeur .mpg.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\american lingerie hot (!) girly (Jenna).mpeg.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\cum action girls (Melissa,Janette).zip.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\handjob lesbian balls (Sandy).zip.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\swedish cum hidden (Sylvia).mpeg.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\chinese beast trambling [free] mature .mpg.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\italian lingerie [milf] titts 50+ .mpeg.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\norwegian blowjob sleeping pregnant .zip.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\trambling masturbation 50+ .avi.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\animal fucking hidden .zip.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\japanese fucking catfight .rar.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\horse lesbian hole .mpeg.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\american xxx horse uncut leather .mpeg.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\italian horse licking 50+ .mpeg.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\french gay lesbian boobs .avi.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\porn lesbian legs upskirt .mpg.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\german bukkake kicking [free] high heels .mpeg.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\indian animal girls 50+ .mpg.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\brasilian nude [milf] cock wifey .avi.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\beast fetish [milf] pregnant (Melissa).mpeg.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\spanish nude trambling big stockings .mpg.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\horse gang bang big lady (Christine,Sarah).mpg.exe	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
292	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
2700	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
292	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
2624	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
2732	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
2700	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
292	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
2492	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
1220	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
1468	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
2624	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
2948	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
2700	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
2732	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
292	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
476	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
1292	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
1376	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
1712	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
1924	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
1564	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
1220	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
2492	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
1468	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
2624	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
2732	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
2700	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
1904	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
2852	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
2948	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
292	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
2076	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
1980	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
2320	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
476	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
1220	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
2128	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
2708	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
344	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
1292	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
1564	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
1924	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
2492	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
1468	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
1712	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
1376	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
2624	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
2732	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
2700	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
1676	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
1676	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
3044	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
3044	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
1348	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
1348	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
2332	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
2332	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
3024	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
3024	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
960	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
960	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
792	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
792	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
1932	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 292 wrote to memory of 2700	292	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	30
PID 292 wrote to memory of 2700	292	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	30
PID 292 wrote to memory of 2700	292	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	30
PID 292 wrote to memory of 2700	292	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	30
PID 2700 wrote to memory of 2624	2700	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	31
PID 2700 wrote to memory of 2624	2700	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	31
PID 2700 wrote to memory of 2624	2700	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	31
PID 2700 wrote to memory of 2624	2700	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	31
PID 292 wrote to memory of 2732	292	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	32
PID 292 wrote to memory of 2732	292	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	32
PID 292 wrote to memory of 2732	292	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	32
PID 292 wrote to memory of 2732	292	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	32
PID 2624 wrote to memory of 2492	2624	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	33
PID 2624 wrote to memory of 2492	2624	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	33
PID 2624 wrote to memory of 2492	2624	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	33
PID 2624 wrote to memory of 2492	2624	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	33
PID 2700 wrote to memory of 1468	2700	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	35
PID 2700 wrote to memory of 1468	2700	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	35
PID 2700 wrote to memory of 1468	2700	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	35
PID 2700 wrote to memory of 1468	2700	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	35
PID 2732 wrote to memory of 1220	2732	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	34
PID 2732 wrote to memory of 1220	2732	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	34
PID 2732 wrote to memory of 1220	2732	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	34
PID 2732 wrote to memory of 1220	2732	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	34
PID 292 wrote to memory of 2948	292	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	36
PID 292 wrote to memory of 2948	292	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	36
PID 292 wrote to memory of 2948	292	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	36
PID 292 wrote to memory of 2948	292	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	36
PID 1220 wrote to memory of 476	1220	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	37
PID 1220 wrote to memory of 476	1220	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	37
PID 1220 wrote to memory of 476	1220	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	37
PID 1220 wrote to memory of 476	1220	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	37
PID 2492 wrote to memory of 1376	2492	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	38
PID 2492 wrote to memory of 1376	2492	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	38
PID 2492 wrote to memory of 1376	2492	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	38
PID 2492 wrote to memory of 1376	2492	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	38
PID 1468 wrote to memory of 1292	1468	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	39
PID 1468 wrote to memory of 1292	1468	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	39
PID 1468 wrote to memory of 1292	1468	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	39
PID 1468 wrote to memory of 1292	1468	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	39
PID 2624 wrote to memory of 1712	2624	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	40
PID 2624 wrote to memory of 1712	2624	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	40
PID 2624 wrote to memory of 1712	2624	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	40
PID 2624 wrote to memory of 1712	2624	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	40
PID 2700 wrote to memory of 1564	2700	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	41
PID 2700 wrote to memory of 1564	2700	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	41
PID 2700 wrote to memory of 1564	2700	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	41
PID 2700 wrote to memory of 1564	2700	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	41
PID 2732 wrote to memory of 1924	2732	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	42
PID 2732 wrote to memory of 1924	2732	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	42
PID 2732 wrote to memory of 1924	2732	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	42
PID 2732 wrote to memory of 1924	2732	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	42
PID 2948 wrote to memory of 2852	2948	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	43
PID 2948 wrote to memory of 2852	2948	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	43
PID 2948 wrote to memory of 2852	2948	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	43
PID 2948 wrote to memory of 2852	2948	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	43
PID 292 wrote to memory of 1904	292	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	44
PID 292 wrote to memory of 1904	292	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	44
PID 292 wrote to memory of 1904	292	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	44
PID 292 wrote to memory of 1904	292	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	44
PID 476 wrote to memory of 1980	476	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	46
PID 476 wrote to memory of 1980	476	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	46
PID 476 wrote to memory of 1980	476	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	46
PID 476 wrote to memory of 1980	476	40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe	46

C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:292
- C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2700
- - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1376
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        9⤵
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        10⤵
        
        PID:18052
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        9⤵
        
        PID:14116
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        9⤵
        
        PID:25664
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        9⤵
        
        PID:18812
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:11568
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:25052
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        9⤵
        
        PID:19604
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:10720
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:18220
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:13372
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:26216
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:25620
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:17976
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        9⤵
        
        PID:12380
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        9⤵
        
        PID:24168
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:9008
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        9⤵
        
        PID:14012
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        9⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:13780
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:23264
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        9⤵
        
        PID:24196
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:24160
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:8368
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:18164
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:14176
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:23132
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:18772
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:10160
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:19936
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:14364
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:25808
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:26384
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:13380
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:15848
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        9⤵
        
        PID:24128
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:13844
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:23256
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:19588
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:10736
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:18228
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:25008
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:7036
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:18148
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:9928
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:18212
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:18324
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:18068
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:13420
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:21956
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:10956
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:20000
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:20644
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:14264
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:25864
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:18268
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:10712
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:24104
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:22848
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:11492
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:25228
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:9036
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:23712
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:14124
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:22988
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1712
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        9⤵
        
        PID:25832
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:14192
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:17160
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:18292
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:10948
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:19992
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:20700
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:10536
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:19952
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:14092
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:23632
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:10120
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:22840
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:1324
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:12744
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:21380
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:9476
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:17984
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:18260
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:11292
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:25956
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:12040
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:8520
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:20636
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:14200
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:25612
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:3824
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:12348
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:24684
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:9192
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:18124
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:14328
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:21744
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5592
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:25988
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:21160
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:7852
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:20716
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:10552
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:26348
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:20056
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:2992
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:8604
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:14272
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:25604
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:13916
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:23248
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:10728
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:24120
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:18244
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:4420
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:20204
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:14136
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:25780
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:6448
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:14068
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:23032
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:9920
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:18028
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:2428
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3872
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:12404
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:25092
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:9016
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:13772
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:23396
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:5772
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:11036
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:22728
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:8408
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:20708
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:13404
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:26224
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:4036
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:6788
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:18084
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:10636
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:18972
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:5908
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:11980
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:16636
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:8876
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:25996
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:14168
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:25880
- - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1468
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1292
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        9⤵
        
        PID:10012
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        9⤵
        
        PID:20096
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        9⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:20072
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:9460
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        9⤵
        
        PID:17900
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:17968
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:21084
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:11536
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:19968
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:10496
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        9⤵
        
        PID:25800
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:13788
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:25772
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:14240
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:23872
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:18044
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:24032
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:12436
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:24176
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:3056
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:12692
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:20008
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:18108
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:18820
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:10964
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:22816
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:18132
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:13860
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:23152
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4068
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:20212
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:10660
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:20088
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:6052
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:12412
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:24188
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:9484
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:26208
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:17992
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:344
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:18156
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:13748
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:23588
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:14084
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:17912
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:10652
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:20120
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:4124
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:19272
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:11020
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:22784
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:6152
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:12752
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:23732
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:9208
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:18196
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:14216
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:23600
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4492
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:19876
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:13436
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:15520
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:6576
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:13924
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:23056
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:10244
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:18964
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:13932
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:23092
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:10520
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:20024
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:5916
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:11068
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:22824
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:8884
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:13948
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:25372
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:14160
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:25856
- - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1564
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:23888
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:13804
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:23736
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:20128
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:11632
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:25212
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:19616
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:10544
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:20032
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:6384
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:12676
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:21576
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:10096
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:20368
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:2236
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:12372
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:24964
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:9220
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:14184
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:25888
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5560
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:10476
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:19580
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:7740
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:21044
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:10560
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:19960
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4060
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:6928
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:13900
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:23388
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:11028
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:24976
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:5996
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:11076
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:24112
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:9044
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:20740
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:17952
- - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1348
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:4636
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:14004
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:17220
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:14288
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:25896
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:6980
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:13876
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:23128
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:10644
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:19976
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:4140
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:7144
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:19596
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:10932
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:22800
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:6168
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:12364
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:15552
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:9200
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:14356
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:25816
- - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:8128
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:23960
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:14320
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:23740
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:6776
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:14060
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:22392
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:10628
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:17960
- - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3996
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:6744
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:14052
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:23080
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:10252
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:21252
- - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
    3⤵
    PID:5932
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:11500
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:18308
- - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
    3⤵
    PID:8848
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:13996
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:25412
- - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
    3⤵
    PID:13836
- - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
    3⤵
    PID:16844
- C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2732
- - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1220
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:476
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        9⤵
        
        PID:10148
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        10⤵
        
        PID:26192
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        9⤵
        
        PID:21136
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        9⤵
        
        PID:18180
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:12396
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:17144
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        9⤵
        
        PID:18188
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:18732
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:12668
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:22808
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:11948
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:23952
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:10140
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:18844
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:24880
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:13428
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:25824
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:9708
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:18012
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:21096
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:11956
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:18340
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:356
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:8328
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        9⤵
        
        PID:18100
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:13388
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:17236
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:20652
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:13252
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:17248
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:9720
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:13980
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:23504
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:18716
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:14100
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:23584
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:12356
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:25068
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:10704
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:19928
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:14232
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:15788
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5324
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:9984
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:18020
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:7512
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:7136
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:11996
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:25248
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2320
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:10576
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:20040
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:20660
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:14348
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:25872
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:18332
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:18980
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:12004
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:25112
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:10696
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:18784
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:20692
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:14340
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:23784
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:5400
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:9960
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:18748
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:7528
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:20196
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:11940
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:688
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:468
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:3812
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:11924
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:20048
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:9000
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:13828
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:17224
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:10020
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:18956
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:7748
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:24136
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:10504
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:25948
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:13796
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:23104
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:3732
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5748
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:10584
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:18988
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:8236
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:20732
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:13452
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:25972
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:5424
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:9680
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:13972
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:23008
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:18316
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:7600
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:12700
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:25396
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:11964
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:25380
- - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1924
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:20676
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:13740
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:14948
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:14036
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:15860
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:11640
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:24624
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:4100
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:18996
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:10744
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:18740
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:11916
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:13412
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:23060
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:8992
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:14044
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:14960
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:13764
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:23144
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:3896
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:13940
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:25428
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:13988
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:23760
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:18000
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:11140
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:25000
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:8576
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:21120
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:14376
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:23192
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:6732
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:18796
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:10232
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:20180
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:5900
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:11084
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:22792
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:8768
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:7724
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:13396
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:22608
- - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:960
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:4860
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:8652
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:13852
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:17524
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:7080
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:13892
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:23052
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:11624
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:24204
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4412
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:7884
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:24096
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:10512
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:20104
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:6408
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:18076
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:9912
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:18276
- - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2932
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:4532
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:8064
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:20724
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:12340
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:25388
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:6700
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:14076
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:2172
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:10260
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:22832
- - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3988
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:6644
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:14108
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:15512
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:10176
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:20064
- - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
    3⤵
    PID:5892
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:11932
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:25060
- - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
    3⤵
    PID:8776
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:14028
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:25980
- - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
    3⤵
    PID:13756
- - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
    3⤵
    PID:23112
- C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2948
- - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2852
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:2160
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3428
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        8⤵
        
        PID:18116
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:14248
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:25848
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:20112
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:12020
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:25024
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:4464
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:20628
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:14312
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:23212
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:6584
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:18252
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:10268
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:21152
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:3360
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:5056
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:13956
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:23040
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:14208
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:22284
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:7376
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:19912
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:11148
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:24152
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:7692
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:19072
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:12428
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:25204
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:18204
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:10088
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:20380
- - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1932
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:4988
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:26376
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:13812
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:25420
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:7164
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:20360
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:10940
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:22768
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4436
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:8120
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:20316
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:14152
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:23540
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:6456
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:18236
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:9992
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:19944
- - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2184
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:4936
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:8588
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:20668
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:14280
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:19868
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:7088
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:21064
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:11004
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:22776
- - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
    3⤵
    PID:4372
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:8144
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:20620
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:14224
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:25792
- - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
    3⤵
    PID:6360
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:18140
- - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
    3⤵
    PID:9944
- - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
    3⤵
    PID:18300
- C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1904
- - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2568
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:3384
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5012
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        7⤵
        
        PID:20604
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:18804
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:7352
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:20684
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:11528
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:18284
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:4348
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:7456
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:13884
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:23120
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:12028
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:24692
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:6368
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:12684
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:20016
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:9936
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:18036
- - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3332
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:5064
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:8948
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:25932
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:13820
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:14896
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:7368
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:20596
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:11220
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:23488
- - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
    3⤵
    PID:4452
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:8044
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:20612
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:12332
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:25404
- - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
    3⤵
    PID:6660
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:18172
- - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
    3⤵
    PID:10168
- - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
    3⤵
    PID:19984
- C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:792
- - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2868
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:8720
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:13964
      - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        6⤵
        
        PID:23064
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:14296
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:23536
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:7096
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:13908
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:23088
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:10924
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:23904
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:22760
- - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
    3⤵
    PID:4380
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:8104
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:20188
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:12388
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:12324
- - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
    3⤵
    PID:6520
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:18760
- - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
    3⤵
    PID:10112
- - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
    3⤵
    PID:18884
- C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
  2⤵
  PID:3320
- - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
    3⤵
    PID:5028
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:8924
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:14020
    - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
        5⤵
        
        PID:21372
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:13868
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:23376
- - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
    3⤵
    PID:7360
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:21144
- - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
    3⤵
    PID:11972
- - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
    3⤵
    PID:25220
- C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4428
- - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
    3⤵
    PID:8200
  - - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
      4⤵
      PID:20276
- - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
    3⤵
    PID:13444
- - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
    3⤵
    PID:23240
- C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
  2⤵
  PID:6512
- - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
    3⤵
    PID:14144
- - C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
    3⤵
    PID:26232
- C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
  2⤵
  PID:10104
- C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\40cda495f5e27a530a9b023209f63559_JaffaCakes118.exe"
  2⤵
  PID:24144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\french horse action sleeping glans penetration .mpeg.exe

Filesize
1.1MB

MD5
6b4824f8a312143faa8e80fd0169ea10

SHA1
006b5adff63a9e745ef397e66478905743b6ebdf

SHA256
0070d9d4880fea97fac77bdb0bd9d7d479cc66be46673ceb341319587abc700b

SHA512
60560f49a7481cb71b72cffb7728ae4e4be66ac670c26ace4608facb0b813ff75f671e7561af5647fe6282ef99c92456bfc7c43bf942e472642dc94c84fe22ef

Download Submit
C:\debug.txt

Filesize
183B

MD5
9930bf094cb0c57932bff723fac19c39

SHA1
773a38fed9d9834774fe695b354ae6e3712de05b

SHA256
a01155ef36f71311fff565bf604ad5bada5017973da5c3fa17e41310b9e16ba6

SHA512
d0df092cce139bd3f49bd20014597bf3260ea9de9cbce32fa63887779f0524611779df651a73c2bbd324fd0400a705feec3642b7bfd07fa5194e27238ab83dca

Download Submit