Malware Analysis Report

2024-12-07 22:03

Sample ID 240715-v9k62svbkd
Target 4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118
SHA256 5991c53c781c8c8ec1330ee044ec538c9c61c4d0d5a08851b7c0c8e9c6916d49
Tags
xtremerat persistence rat spyware
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

5991c53c781c8c8ec1330ee044ec538c9c61c4d0d5a08851b7c0c8e9c6916d49

Threat Level: Known bad

The file 4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xtremerat persistence rat spyware

Detect XtremeRAT payload

XtremeRAT

Checks computer location settings

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-15 17:41

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-15 17:41

Reported

2024-07-15 17:43

Platform

win7-20240708-en

Max time kernel

150s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

Signatures

Detect XtremeRAT payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

XtremeRAT

persistence spyware rat xtremerat

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2636 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2636 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2636 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2636 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2636 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2636 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2636 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2636 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2636 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2636 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2636 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2636 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2636 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2636 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2636 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2636 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2636 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2636 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2636 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2636 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2636 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2636 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2636 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2636 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2636 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2636 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2636 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2636 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2636 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2636 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2636 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2636 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2636 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2636 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2636 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2636 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2636 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2636 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2636 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2636 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
PID 2636 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
PID 2636 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
PID 2636 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
PID 2680 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2680 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2680 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2680 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2680 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2680 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2680 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2680 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2680 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2680 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2680 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2680 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2680 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2680 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2680 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2680 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2680 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2680 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2680 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2680 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2680 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe

Processes

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

Network

N/A

Files

memory/2636-0-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/2636-1-0x0000000000D16000-0x0000000000D17000-memory.dmp

memory/2636-5-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/2680-7-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/2680-6-0x0000000000C80000-0x0000000000D59000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg

MD5 6f1748d079a5a0c9ebfeb84cc2697866
SHA1 9fd1107197aefa502da9c3ca1a11f3feaa021a03
SHA256 dcd939f432c530de9e6a39b5d4d3ed57ffadd2a0cd2050af351b30519f02425a
SHA512 146f72beb6ad33ebe5c5a881a908ce20a00bdf8617e91a1d3e34b6454a98342e45f36c27ba21f0953bbd156a148128513e00e50246852b4df22ad17b13888fb5

memory/2548-14-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/2548-13-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/2680-12-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/2548-17-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/304-22-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/304-21-0x0000000002AB0000-0x0000000002B89000-memory.dmp

memory/2920-23-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/2920-26-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/1072-27-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/1072-31-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/1512-32-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/1512-35-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/2096-39-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/1736-40-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/1736-43-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/600-44-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/600-48-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/2888-49-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/2888-52-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/2232-56-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/464-57-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/464-60-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/2984-61-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/2984-65-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/2412-66-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/2412-69-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/1480-70-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/2152-75-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/1480-74-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/2152-78-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/1796-81-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/872-82-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/872-85-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/860-86-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/2368-92-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/860-91-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/860-90-0x0000000002AB0000-0x0000000002B89000-memory.dmp

memory/2368-95-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/2352-96-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/2352-100-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/1968-101-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/1968-104-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/1612-105-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/1612-108-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/2516-109-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/2516-112-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/1004-115-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/3132-118-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/3240-122-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/3364-123-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/3364-126-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/3484-127-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/3484-131-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/3604-134-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/3720-138-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/3832-139-0x0000000000C80000-0x0000000000D59000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-15 17:41

Reported

2024-07-15 17:43

Platform

win10v2004-20240709-en

Max time kernel

150s

Max time network

144s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

Signatures

Detect XtremeRAT payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

XtremeRAT

persistence spyware rat xtremerat

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe N/A

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3772 wrote to memory of 3532 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 3532 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 3532 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 220 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 220 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 220 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 1116 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 1116 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 1116 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 4464 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 4464 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 4464 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 1192 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 1192 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 1192 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 396 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 396 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 4808 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
PID 3772 wrote to memory of 4808 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
PID 3772 wrote to memory of 4808 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
PID 4808 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4808 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4808 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4808 wrote to memory of 5028 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4808 wrote to memory of 5028 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4808 wrote to memory of 5028 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4808 wrote to memory of 4116 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4808 wrote to memory of 4116 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4808 wrote to memory of 4116 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4808 wrote to memory of 4012 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4808 wrote to memory of 4012 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4808 wrote to memory of 4012 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4808 wrote to memory of 3400 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4808 wrote to memory of 3400 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4808 wrote to memory of 3400 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4808 wrote to memory of 2400 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4808 wrote to memory of 2400 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4808 wrote to memory of 2400 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4808 wrote to memory of 1160 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4808 wrote to memory of 1160 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4808 wrote to memory of 1160 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4808 wrote to memory of 728 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4808 wrote to memory of 728 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4808 wrote to memory of 4828 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
PID 4808 wrote to memory of 4828 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
PID 4808 wrote to memory of 4828 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
PID 4828 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4828 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4828 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4828 wrote to memory of 2100 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4828 wrote to memory of 2100 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4828 wrote to memory of 2100 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4828 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4828 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4828 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4828 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4828 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4828 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 147.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 40.58.20.217.in-addr.arpa udp

Files

memory/3772-0-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/3772-1-0x0000000000D16000-0x0000000000D17000-memory.dmp

memory/3772-5-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/4808-6-0x0000000000C80000-0x0000000000D59000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg

MD5 6f1748d079a5a0c9ebfeb84cc2697866
SHA1 9fd1107197aefa502da9c3ca1a11f3feaa021a03
SHA256 dcd939f432c530de9e6a39b5d4d3ed57ffadd2a0cd2050af351b30519f02425a
SHA512 146f72beb6ad33ebe5c5a881a908ce20a00bdf8617e91a1d3e34b6454a98342e45f36c27ba21f0953bbd156a148128513e00e50246852b4df22ad17b13888fb5

memory/4808-11-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/4828-12-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/4828-17-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/4380-18-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/4380-23-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/1772-28-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/784-29-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/784-34-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/4588-35-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/4588-40-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/4784-41-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/4784-46-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/3036-47-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/3036-52-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/4808-53-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/4808-58-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/4404-59-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/4404-64-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/4496-69-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/2424-70-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/2424-75-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/2340-76-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/2340-81-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/816-82-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/816-87-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/1016-88-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/1016-93-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/3060-94-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/3060-99-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/2948-100-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/2948-105-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/4496-106-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/4496-111-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/4964-112-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/4964-117-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/4704-118-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/4704-123-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/1628-124-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/1628-129-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/1324-134-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/456-135-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/456-140-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/1348-145-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/2808-146-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/2808-151-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/3560-157-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/5064-156-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/3560-162-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/2832-163-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/2832-168-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/3980-169-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/3980-174-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/2508-179-0x0000000000C80000-0x0000000000D59000-memory.dmp

memory/5160-180-0x0000000000C80000-0x0000000000D59000-memory.dmp