Malware Analysis Report

2024-12-07 22:02

Sample ID 240716-awzr3azbqc
Target 4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118
SHA256 6252cc422e242146b08781a379dd3c03dd98b9dbb3f5e0e42358e921d7fc5a0a
Tags
xtremerat persistence rat spyware
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

6252cc422e242146b08781a379dd3c03dd98b9dbb3f5e0e42358e921d7fc5a0a

Threat Level: Known bad

The file 4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xtremerat persistence rat spyware

Detect XtremeRAT payload

XtremeRAT

Checks computer location settings

Suspicious use of SetThreadContext

Enumerates physical storage devices

Unsigned PE

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-16 00:34

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-16 00:34

Reported

2024-07-16 00:37

Platform

win7-20240708-en

Max time kernel

150s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

Signatures

Detect XtremeRAT payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

XtremeRAT

persistence spyware rat xtremerat

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 1008 set thread context of 2968 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 2352 set thread context of 2632 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 2548 set thread context of 976 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 1428 set thread context of 1644 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 2284 set thread context of 2428 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 1684 set thread context of 2972 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 568 set thread context of 852 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 1896 set thread context of 1568 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 608 set thread context of 988 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 2268 set thread context of 984 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 820 set thread context of 2980 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 2800 set thread context of 2736 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 3032 set thread context of 3036 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 2816 set thread context of 2892 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 1664 set thread context of 1352 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 2236 set thread context of 2180 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 2104 set thread context of 2192 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 1240 set thread context of 1404 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 1684 set thread context of 1708 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 684 set thread context of 1484 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 984 set thread context of 2680 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 2816 set thread context of 1640 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 1856 set thread context of 1512 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 1684 set thread context of 1220 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 480 set thread context of 868 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 2836 set thread context of 3076 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 3204 set thread context of 3224 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 3348 set thread context of 3368 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 3496 set thread context of 3516 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 3644 set thread context of 3664 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 3784 set thread context of 3804 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 3928 set thread context of 3948 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1008 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 1008 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 1008 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 1008 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 1008 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 1008 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 1008 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 1008 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 1008 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 1008 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 1008 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 1008 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 1008 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 1008 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 2968 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 996 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 996 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 996 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 996 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 996 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2308 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2308 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2308 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2308 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2308 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2088 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2088 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2088 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2088 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2088 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2320 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2320 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2320 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2320 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2320 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 1876 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 1876 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 1876 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 1876 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 2968 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 2968 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 2968 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 2352 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 2352 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 2352 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 2352 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 2352 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 2352 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 2352 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

Processes

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

Network

N/A

Files

memory/1008-0-0x0000000000400000-0x000000000044B000-memory.dmp

memory/2968-6-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/2968-7-0x0000000000400000-0x000000000044B000-memory.dmp

memory/1008-9-0x0000000000400000-0x000000000044B000-memory.dmp

memory/2968-5-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/2968-4-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/2968-3-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/2968-12-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/2352-13-0x0000000000400000-0x000000000044B000-memory.dmp

memory/2352-20-0x0000000000400000-0x000000000044B000-memory.dmp

memory/2352-16-0x00000000002C0000-0x000000000030B000-memory.dmp

memory/2632-22-0x0000000000C80000-0x0000000000C93000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg

MD5 4a264dcdfe4c5f743187aa969f159e34
SHA1 6ddf0d5d18eef7844576230cef3a02345dfa6aae
SHA256 71e4c8e9998a56772627e8a00457ffd26ddacf8cc0c5015084c81a2a97835927
SHA512 823cb799d5a8a23b6771fccb8dd0829c2edc31ab245fab29511aae641acb8416ea45bfb32379412b0d9dfbd1e83a53713308fe38d97cd03986ec02b0c6b4036e

memory/2632-24-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/2548-27-0x0000000000400000-0x000000000044B000-memory.dmp

memory/2548-31-0x0000000000400000-0x000000000044B000-memory.dmp

memory/2548-28-0x0000000000320000-0x000000000036B000-memory.dmp

memory/1428-35-0x0000000000400000-0x000000000044B000-memory.dmp

memory/1428-40-0x0000000000400000-0x000000000044B000-memory.dmp

memory/1644-43-0x0000000002B50000-0x0000000002B9B000-memory.dmp

memory/2284-47-0x0000000000400000-0x000000000044B000-memory.dmp

memory/1684-57-0x0000000000400000-0x000000000044B000-memory.dmp

memory/1684-54-0x0000000000400000-0x000000000044B000-memory.dmp

memory/1684-53-0x00000000003B0000-0x00000000003FB000-memory.dmp

memory/568-60-0x0000000000400000-0x000000000044B000-memory.dmp

memory/568-65-0x0000000000400000-0x000000000044B000-memory.dmp

memory/1896-70-0x0000000000400000-0x000000000044B000-memory.dmp

memory/1896-74-0x0000000000400000-0x000000000044B000-memory.dmp

memory/608-81-0x0000000000400000-0x000000000044B000-memory.dmp

memory/608-85-0x0000000000400000-0x000000000044B000-memory.dmp

memory/2972-80-0x0000000002B90000-0x0000000002BDB000-memory.dmp

memory/988-88-0x0000000002B90000-0x0000000002BDB000-memory.dmp

memory/2268-89-0x0000000000400000-0x000000000044B000-memory.dmp

memory/2268-94-0x0000000000400000-0x000000000044B000-memory.dmp

memory/820-98-0x0000000000400000-0x000000000044B000-memory.dmp

memory/820-103-0x0000000000400000-0x000000000044B000-memory.dmp

memory/2800-112-0x0000000000400000-0x000000000044B000-memory.dmp

memory/2800-109-0x0000000000400000-0x000000000044B000-memory.dmp

memory/2800-108-0x0000000000310000-0x000000000035B000-memory.dmp

memory/2736-116-0x0000000002A40000-0x0000000002A8B000-memory.dmp

memory/3032-117-0x0000000000400000-0x000000000044B000-memory.dmp

memory/3032-122-0x0000000000400000-0x000000000044B000-memory.dmp

memory/2816-127-0x0000000000400000-0x000000000044B000-memory.dmp

memory/2816-132-0x0000000000400000-0x000000000044B000-memory.dmp

memory/1664-143-0x0000000000400000-0x000000000044B000-memory.dmp

memory/1664-140-0x0000000000400000-0x000000000044B000-memory.dmp

memory/1664-139-0x0000000000300000-0x000000000034B000-memory.dmp

memory/2236-148-0x0000000000400000-0x000000000044B000-memory.dmp

memory/2236-151-0x0000000000400000-0x000000000044B000-memory.dmp

memory/2104-157-0x0000000000400000-0x000000000044B000-memory.dmp

memory/2104-160-0x0000000000400000-0x000000000044B000-memory.dmp

memory/1240-167-0x0000000000400000-0x000000000044B000-memory.dmp

memory/1240-170-0x0000000000400000-0x000000000044B000-memory.dmp

memory/1684-175-0x0000000000400000-0x000000000044B000-memory.dmp

memory/1684-180-0x0000000000400000-0x000000000044B000-memory.dmp

memory/684-190-0x0000000000400000-0x000000000044B000-memory.dmp

memory/684-187-0x0000000000400000-0x000000000044B000-memory.dmp

memory/984-193-0x0000000000400000-0x000000000044B000-memory.dmp

memory/984-198-0x0000000000400000-0x000000000044B000-memory.dmp

memory/2816-204-0x0000000000400000-0x000000000044B000-memory.dmp

memory/2816-206-0x00000000003B0000-0x00000000003FB000-memory.dmp

memory/2816-208-0x0000000000400000-0x000000000044B000-memory.dmp

memory/1856-211-0x0000000000400000-0x000000000044B000-memory.dmp

memory/1856-217-0x0000000000400000-0x000000000044B000-memory.dmp

memory/1856-215-0x00000000003A0000-0x00000000003EB000-memory.dmp

memory/1684-223-0x0000000000400000-0x000000000044B000-memory.dmp

memory/1684-226-0x0000000000400000-0x000000000044B000-memory.dmp

memory/480-237-0x0000000000400000-0x000000000044B000-memory.dmp

memory/480-235-0x0000000000400000-0x000000000044B000-memory.dmp

memory/480-234-0x0000000000260000-0x00000000002AB000-memory.dmp

memory/2836-242-0x0000000000400000-0x000000000044B000-memory.dmp

memory/2836-247-0x0000000000400000-0x000000000044B000-memory.dmp

memory/3204-254-0x0000000000400000-0x000000000044B000-memory.dmp

memory/3204-255-0x0000000000340000-0x000000000038B000-memory.dmp

memory/3204-258-0x0000000000400000-0x000000000044B000-memory.dmp

memory/3348-261-0x0000000000400000-0x000000000044B000-memory.dmp

memory/3348-266-0x0000000000400000-0x000000000044B000-memory.dmp

memory/3496-272-0x0000000000400000-0x000000000044B000-memory.dmp

memory/3496-275-0x0000000000400000-0x000000000044B000-memory.dmp

memory/3644-280-0x0000000000400000-0x000000000044B000-memory.dmp

memory/3644-285-0x0000000000400000-0x000000000044B000-memory.dmp

memory/3784-288-0x0000000000400000-0x000000000044B000-memory.dmp

memory/3928-298-0x0000000000400000-0x000000000044B000-memory.dmp

memory/3928-302-0x0000000000400000-0x000000000044B000-memory.dmp

memory/3928-300-0x0000000000490000-0x00000000004DB000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-16 00:34

Reported

2024-07-16 00:37

Platform

win10v2004-20240709-en

Max time kernel

150s

Max time network

137s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

Signatures

Detect XtremeRAT payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

XtremeRAT

persistence spyware rat xtremerat

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 3164 set thread context of 3564 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 4712 set thread context of 2284 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 2364 set thread context of 1496 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 2384 set thread context of 4992 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 3492 set thread context of 4972 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 1516 set thread context of 944 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 680 set thread context of 2208 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 2148 set thread context of 3012 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 3616 set thread context of 4128 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 4352 set thread context of 4456 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 2016 set thread context of 320 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 2060 set thread context of 2844 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 3268 set thread context of 3536 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 2200 set thread context of 2680 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 5072 set thread context of 2696 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 692 set thread context of 1568 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 2296 set thread context of 2328 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 2236 set thread context of 1004 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 3536 set thread context of 2796 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 4892 set thread context of 1096 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 2772 set thread context of 2232 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 2148 set thread context of 3380 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 3536 set thread context of 2524 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 3624 set thread context of 4108 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 3380 set thread context of 3284 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 1976 set thread context of 3988 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 1260 set thread context of 1688 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 660 set thread context of 3508 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 1260 set thread context of 3852 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 3440 set thread context of 3048 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 2092 set thread context of 2964 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3164 wrote to memory of 3564 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 3164 wrote to memory of 3564 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 3164 wrote to memory of 3564 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 3164 wrote to memory of 3564 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 3164 wrote to memory of 3564 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 3164 wrote to memory of 3564 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 3164 wrote to memory of 3564 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 3164 wrote to memory of 3564 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 3164 wrote to memory of 3564 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 3164 wrote to memory of 3564 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 3164 wrote to memory of 3564 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 3164 wrote to memory of 3564 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 3164 wrote to memory of 3564 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 3564 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 1784 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 1784 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 1784 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 3496 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 3496 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 3496 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 5100 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 5100 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 5100 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 4952 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 4952 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 4952 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 1028 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 1028 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 1028 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 4712 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 3564 wrote to memory of 4712 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 3564 wrote to memory of 4712 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 4712 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 4712 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 4712 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 4712 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 4712 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 4712 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 4712 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 4712 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 4712 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 4712 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 4712 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 4712 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 4712 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe
PID 2284 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2284 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2284 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2284 wrote to memory of 636 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2284 wrote to memory of 636 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2284 wrote to memory of 636 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2284 wrote to memory of 968 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2284 wrote to memory of 968 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2284 wrote to memory of 968 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2284 wrote to memory of 4544 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2284 wrote to memory of 4544 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2284 wrote to memory of 4544 N/A C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c1436dad18cc88793b24554ca6f4df5_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp

Files

memory/3164-0-0x0000000000400000-0x000000000044B000-memory.dmp

memory/3564-3-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/3564-4-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/3164-6-0x0000000000400000-0x000000000044B000-memory.dmp

memory/3564-7-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/3564-8-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/3564-11-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/4712-12-0x0000000000400000-0x000000000044B000-memory.dmp

memory/2284-19-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/4712-18-0x0000000000400000-0x000000000044B000-memory.dmp

memory/2284-20-0x0000000000C80000-0x0000000000C93000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg

MD5 4a264dcdfe4c5f743187aa969f159e34
SHA1 6ddf0d5d18eef7844576230cef3a02345dfa6aae
SHA256 71e4c8e9998a56772627e8a00457ffd26ddacf8cc0c5015084c81a2a97835927
SHA512 823cb799d5a8a23b6771fccb8dd0829c2edc31ab245fab29511aae641acb8416ea45bfb32379412b0d9dfbd1e83a53713308fe38d97cd03986ec02b0c6b4036e

memory/2284-24-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/2364-25-0x0000000000400000-0x000000000044B000-memory.dmp

memory/2364-31-0x0000000000400000-0x000000000044B000-memory.dmp

memory/1496-29-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/2384-35-0x0000000000400000-0x000000000044B000-memory.dmp

memory/4992-41-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/2384-40-0x0000000000400000-0x000000000044B000-memory.dmp

memory/3492-46-0x0000000000400000-0x000000000044B000-memory.dmp

memory/3492-51-0x0000000000400000-0x000000000044B000-memory.dmp

memory/1516-56-0x0000000000400000-0x000000000044B000-memory.dmp

memory/1516-61-0x0000000000400000-0x000000000044B000-memory.dmp

memory/680-67-0x0000000000400000-0x000000000044B000-memory.dmp

memory/680-71-0x0000000000400000-0x000000000044B000-memory.dmp

memory/2148-75-0x0000000000400000-0x000000000044B000-memory.dmp

memory/2148-81-0x0000000000400000-0x000000000044B000-memory.dmp

memory/3616-86-0x0000000000400000-0x000000000044B000-memory.dmp

memory/3616-91-0x0000000000400000-0x000000000044B000-memory.dmp

memory/4128-89-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/4352-95-0x0000000000400000-0x000000000044B000-memory.dmp

memory/4456-99-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/4352-101-0x0000000000400000-0x000000000044B000-memory.dmp

memory/2016-106-0x0000000000400000-0x000000000044B000-memory.dmp

memory/2016-109-0x0000000000400000-0x000000000044B000-memory.dmp

memory/320-110-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/2060-114-0x0000000000400000-0x000000000044B000-memory.dmp

memory/2060-118-0x0000000000400000-0x000000000044B000-memory.dmp

memory/3268-123-0x0000000000400000-0x000000000044B000-memory.dmp

memory/3268-129-0x0000000000400000-0x000000000044B000-memory.dmp

memory/2200-133-0x0000000000400000-0x000000000044B000-memory.dmp

memory/2200-139-0x0000000000400000-0x000000000044B000-memory.dmp

memory/5072-144-0x0000000000400000-0x000000000044B000-memory.dmp

memory/5072-149-0x0000000000400000-0x000000000044B000-memory.dmp

memory/692-154-0x0000000000400000-0x000000000044B000-memory.dmp

memory/692-157-0x0000000000400000-0x000000000044B000-memory.dmp

memory/2296-162-0x0000000000400000-0x000000000044B000-memory.dmp

memory/2328-166-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/2296-168-0x0000000000400000-0x000000000044B000-memory.dmp

memory/2236-172-0x0000000000400000-0x000000000044B000-memory.dmp

memory/2236-177-0x0000000000400000-0x000000000044B000-memory.dmp

memory/3536-182-0x0000000000400000-0x000000000044B000-memory.dmp

memory/3536-188-0x0000000000400000-0x000000000044B000-memory.dmp

memory/4892-192-0x0000000000400000-0x000000000044B000-memory.dmp

memory/1096-196-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/4892-198-0x0000000000400000-0x000000000044B000-memory.dmp

memory/2772-203-0x0000000000400000-0x000000000044B000-memory.dmp

memory/2772-207-0x0000000000400000-0x000000000044B000-memory.dmp

memory/2148-212-0x0000000000400000-0x000000000044B000-memory.dmp

memory/2148-218-0x0000000000400000-0x000000000044B000-memory.dmp

memory/3536-222-0x0000000000400000-0x000000000044B000-memory.dmp

memory/3536-228-0x0000000000400000-0x000000000044B000-memory.dmp

memory/3624-232-0x0000000000400000-0x000000000044B000-memory.dmp

memory/3624-237-0x0000000000400000-0x000000000044B000-memory.dmp

memory/3380-242-0x0000000000400000-0x000000000044B000-memory.dmp

memory/3380-247-0x0000000000400000-0x000000000044B000-memory.dmp

memory/1976-252-0x0000000000400000-0x000000000044B000-memory.dmp

memory/1976-258-0x0000000000400000-0x000000000044B000-memory.dmp

memory/1260-262-0x0000000000400000-0x000000000044B000-memory.dmp

memory/1260-268-0x0000000000400000-0x000000000044B000-memory.dmp

memory/660-272-0x0000000000400000-0x000000000044B000-memory.dmp

memory/660-277-0x0000000000400000-0x000000000044B000-memory.dmp

memory/1260-287-0x0000000000400000-0x000000000044B000-memory.dmp

memory/3440-291-0x0000000000400000-0x000000000044B000-memory.dmp

memory/3440-297-0x0000000000400000-0x000000000044B000-memory.dmp

memory/2092-306-0x0000000000400000-0x000000000044B000-memory.dmp