Malware Analysis Report

2025-03-14 22:27

Sample ID 240407-3a3aaahe6x
Target e61866162c18fa984730aceb2c9601f5_JaffaCakes118
SHA256 c610c1d543f43e3502411f32ed9f7f406474041a996371c0d1e12f35adda6565
Tags persistence
Score 7/10

Analysis Overview

Score 7/10

SHA256 c610c1d543f43e3502411f32ed9f7f406474041a996371c0d1e12f35adda6565

Threat Level: Shows suspicious behavior

The file e61866162c18fa984730aceb2c9601f5_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

persistence

Executes dropped EXE

Deletes itself

Loads dropped DLL

Adds Run key to start application

Drops file in System32 directory

Program crash

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-04-07 23:19

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-04-07 23:19
Reported 2024-04-07 23:22
Platform win7-20240221-en
Max time kernel 150s
Max time network 125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

Signatures

Deletes itself

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe N/A
N/A N/A C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" C:\Users\Admin\AppData\Local\Temp\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe N/A

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1500 wrote to memory of 2276 N/A C:\Users\Admin\AppData\Local\Temp\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe
PID 1500 wrote to memory of 2124 N/A C:\Users\Admin\AppData\Local\Temp\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2276 wrote to memory of 2608 N/A C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe
PID 2276 wrote to memory of 2656 N/A C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2608 wrote to memory of 2544 N/A C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe
PID 2608 wrote to memory of 2652 N/A C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2544 wrote to memory of 2404 N/A C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe
PID 2544 wrote to memory of 2120 N/A C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe
PID 2404 wrote to memory of 2508 N/A C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe
PID 2404 wrote to memory of 2460 N/A C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2508 wrote to memory of 2832 N/A C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe
PID 2508 wrote to memory of 3012 N/A C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe C:\Windows\system32\conhost.exe
PID 2832 wrote to memory of 1480 N/A C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe
PID 2832 wrote to memory of 2376 N/A C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 1480 wrote to memory of 848 N/A C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe
PID 1480 wrote to memory of 844 N/A C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe C:\Windows\system32\conhost.exe

Processes

C:\Users\Admin\AppData\Local\Temp\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Users\Admin\AppData\Local\Temp\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1020485748-922300471-16341181159645114-1489875897146534065815045525741637609909"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-5217188123553424181547096827-41132606-204773559935246534814150223791212956615"

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "937670896-16443966651339095217-191475180149849938150454097-74621730545375173"

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1932904825-583467240139170203916433315611025667533-403630399-7795474871783230946"

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "16179414981816027001-670903371-600293454-2020845015-619014542-9965706431276881231"

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-13256181271498814545-2135193861260489335-16012967992042930866-1584950770-532270708"

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-425450274-1314857390-99895058-508270528197277072-405113652-270773448897093899"

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1861341541998232999-1516381041262265091-632416429-1901213057690535324-421295336"

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1148870372-1888083210-29791724615929552201786879132-1226937932-917541730-1468587440"

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1779383790967553220271279785-1162541094-1109735378-8000874321053808103-225105580"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "15929002821696229141-742924135822928947443165301380665931047355757-1429389733"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-3431064223590076011391734908-20438766916911728031148983344-18085997021584372817"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1465065941-18631841011857040711292114749433164590-1715044715-674522255-1395290491"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1074012210-17063035188633216587100099081231892137-176608098-2100365875606298348"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1513327034739458146-1777923654-1652547700-17993476791595490848630716390-1781907076"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "20933722461554335608-986123628-1897278273-8023794335754600101375348899233618684"

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "113868976-1267093071-1640435546-13140293921246677691-453769989-1003579604-11138360"

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "908462560-117524469512452272271604301011982147904-1617740851411297840-1111799166"

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1986535733305889195-1087877436524753116-530461921-151858114-2129589165-568920951"

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-194305385-1139444429-257142595-5628974991953947420-1558792352-1029576233-1429144773"

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "207023432320872696062049451704151767162081543626-175467741320741862361795548597"

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1209985163137991923610801428781346811375-1755905732-19264262111407616012-867147110"

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\E61866~1.EXE" >> NUL

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-12997526031406334456-653510346-1506364425126124478317787113541342065915-157450968"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1630735453-179276410947981008-10007905111963567496-195009872917213235682012183853"

Network

N/A

Files

memory/1500-1-0x0000000000400000-0x0000000000404000-memory.dmp

\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

MD5 e61866162c18fa984730aceb2c9601f5
SHA1 7f420d8e77155a53f6c65a37446b6f472eba4d58
SHA256 c610c1d543f43e3502411f32ed9f7f406474041a996371c0d1e12f35adda6565
SHA512 661e98c650ce93c179aafbb8a21d59f8091990586983a28356e3ac420ace197a984849f6728d321c12ed4a0e4c805cea4610437f61ce812c651c2b413f754658

memory/3056-84-0x0000000000400000-0x0000000000404000-memory.dmp

memory/2028-226-0x0000000000400000-0x0000000000404000-memory.dmp

memory/2056-1433-0x0000000000400000-0x0000000000404000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 23:19

Reported

2024-04-07 23:22

Platform

win10v2004-20240226-en

Max time kernel

90s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

Signatures

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4992 -ip 4992

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 368

Network

Files

memory/4992-0-0x0000000000400000-0x0000000000404000-memory.dmp

memory/4992-2-0x0000000000400000-0x0000000000404000-memory.dmp