Malware Analysis Report

2024-12-07 22:02

Sample ID 240716-jdw3wstgqd
Target 4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118
SHA256 87d29eb1006d90b88ef7f3fd20227b60261029167d67a7ef3d17093ae2363694
Tags xtremerat persistence rat spyware upx
Score 10/10

Analysis Overview

Threat Level: Known bad

The file 4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xtremerat persistence rat spyware upx

Detect XtremeRAT payload

XtremeRAT

UPX packed file

Checks computer location settings

Suspicious use of SetThreadContext

Enumerates physical storage devices

Unsigned PE

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-16 07:33

Signatures

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-07-16 07:33

Reported

2024-07-16 07:36

Platform

win7-20240704-en

Max time kernel

150s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe"

Signatures

Detect XtremeRAT payload


XtremeRAT

persistence spyware rat xtremerat

UPX packed file

upx

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 2716 set thread context of 2844 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 2844 set thread context of 2868 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 2660 set thread context of 1808 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 1808 set thread context of 2492 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 1680 set thread context of 1668 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 1668 set thread context of 2820 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 2952 set thread context of 1288 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 1288 set thread context of 1220 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 1908 set thread context of 2964 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 2964 set thread context of 1520 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 1292 set thread context of 2304 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 2304 set thread context of 1964 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 3024 set thread context of 2248 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 2248 set thread context of 876 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 2904 set thread context of 2848 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 2848 set thread context of 2912 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 584 set thread context of 1652 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 1652 set thread context of 2492 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 1256 set thread context of 2128 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 2128 set thread context of 304 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 2004 set thread context of 2432 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 2432 set thread context of 1936 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 2804 set thread context of 2496 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 2496 set thread context of 980 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 1304 set thread context of 1740 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 1740 set thread context of 2860 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 2404 set thread context of 2080 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 2080 set thread context of 624 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 1208 set thread context of 1992 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 1992 set thread context of 1328 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 2344 set thread context of 3024 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 3024 set thread context of 1072 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 288 set thread context of 776 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 776 set thread context of 1728 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 1208 set thread context of 2004 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 2004 set thread context of 564 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 876 set thread context of 2880 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 2880 set thread context of 2684 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 1460 set thread context of 1928 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 1928 set thread context of 1852 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 1072 set thread context of 288 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 288 set thread context of 2464 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 2136 set thread context of 2668 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 2668 set thread context of 1488 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 2160 set thread context of 1852 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 1852 set thread context of 3016 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 624 set thread context of 2016 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 2016 set thread context of 3116 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 3240 set thread context of 3248 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 3248 set thread context of 3320 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 3444 set thread context of 3452 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 3452 set thread context of 3524 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 3656 set thread context of 3664 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 3664 set thread context of 3736 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 3856 set thread context of 3864 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 3864 set thread context of 3936 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 4068 set thread context of 4076 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 4076 set thread context of 3096 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 3284 set thread context of 3292 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 3292 set thread context of 3344 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2716 wrote to memory of 2844 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 2844 wrote to memory of 2868 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 2868 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2868 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2868 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2868 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2868 wrote to memory of 2884 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2868 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2868 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2868 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2868 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 2660 wrote to memory of 1808 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

Processes

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

Network

N/A

Files

memory/2844-2-0x0000000000400000-0x0000000000425000-memory.dmp

memory/2716-14-0x0000000000400000-0x000000000043C000-memory.dmp

memory/2844-15-0x0000000000400000-0x0000000000425000-memory.dmp

memory/2844-11-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

memory/2844-10-0x0000000000400000-0x0000000000425000-memory.dmp

memory/2844-0-0x0000000000400000-0x0000000000425000-memory.dmp

memory/2844-4-0x0000000000400000-0x0000000000425000-memory.dmp

memory/2868-18-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2844-20-0x0000000000400000-0x0000000000425000-memory.dmp

memory/2844-19-0x0000000000430000-0x000000000050F000-memory.dmp

memory/2868-22-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2868-23-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2868-24-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2868-27-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2660-42-0x0000000000400000-0x000000000043C000-memory.dmp

memory/2492-50-0x0000000000C80000-0x0000000000C96000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg

MD5 d225596f2f54a23f71046bf01dfbf7d3
SHA1 7b34281395715a63c3f902b0d3a4dba7a876e880
SHA256 2b2b8e85cdc56bf2943c7ac6b6f88d1fc13c1edc52844b2af2a92f38998e3e2b
SHA512 c1791d26644c48287020019aa457bb78332668af1880fe9e8edf5a57824add93949bdd3123baebab6ae3af263b43175363631abc0e8c7cbe8f6be2151aff6099

memory/2492-56-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/1680-69-0x0000000000400000-0x000000000043C000-memory.dmp

memory/1668-75-0x0000000000400000-0x0000000000425000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-16 07:33

Reported

2024-07-16 07:36

Platform

win10v2004-20240709-en

Max time kernel

150s

Max time network

96s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe"

Signatures

Detect XtremeRAT payload


XtremeRAT

persistence spyware rat xtremerat

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe N/A

UPX packed file

upx

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 5112 set thread context of 4504 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 4504 set thread context of 3372 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 4420 set thread context of 2884 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 2884 set thread context of 4876 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 4380 set thread context of 1900 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 1900 set thread context of 1856 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 2032 set thread context of 2868 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 2868 set thread context of 5064 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 2216 set thread context of 896 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 896 set thread context of 1168 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 1424 set thread context of 4776 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 4776 set thread context of 452 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 4324 set thread context of 4328 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 4328 set thread context of 4988 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 3768 set thread context of 4268 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 4268 set thread context of 1544 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 1992 set thread context of 3372 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 3372 set thread context of 3764 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 3116 set thread context of 2036 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 2036 set thread context of 4916 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 4636 set thread context of 4436 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 4436 set thread context of 2600 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 4588 set thread context of 4308 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 4308 set thread context of 3820 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 4732 set thread context of 3008 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 3008 set thread context of 388 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 636 set thread context of 460 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 460 set thread context of 4476 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 8 set thread context of 4868 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 4868 set thread context of 2040 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 2736 set thread context of 4744 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 4744 set thread context of 4292 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 4140 set thread context of 4608 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 4608 set thread context of 5112 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 1680 set thread context of 3592 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 3592 set thread context of 1996 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 4476 set thread context of 4196 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 4196 set thread context of 4236 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 332 set thread context of 4588 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 4588 set thread context of 452 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 5088 set thread context of 4320 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 4320 set thread context of 4824 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 4380 set thread context of 3116 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 3116 set thread context of 2436 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 1400 set thread context of 2600 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 2600 set thread context of 5076 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 3440 set thread context of 5016 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 5016 set thread context of 2684 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 1400 set thread context of 3416 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 3416 set thread context of 2136 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 952 set thread context of 1324 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 1324 set thread context of 4352 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 3964 set thread context of 3336 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 3336 set thread context of 4296 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 2324 set thread context of 868 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 868 set thread context of 1820 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 3236 set thread context of 2852 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 2852 set thread context of 3912 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 3236 set thread context of 1256 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 1256 set thread context of 1008 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5112 wrote to memory of 4504 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 4504 wrote to memory of 3372 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 3372 wrote to memory of 4724 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3372 wrote to memory of 1940 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3372 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3372 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3372 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3372 wrote to memory of 712 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3372 wrote to memory of 3544 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3372 wrote to memory of 920 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3372 wrote to memory of 4420 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 4420 wrote to memory of 2884 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 2884 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe
PID 4876 wrote to memory of 1892 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4876 wrote to memory of 432 N/A C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4d59b3dc0692b1f86aed840207dbd46e_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg

MD5 d225596f2f54a23f71046bf01dfbf7d3
SHA1 7b34281395715a63c3f902b0d3a4dba7a876e880
SHA256 2b2b8e85cdc56bf2943c7ac6b6f88d1fc13c1edc52844b2af2a92f38998e3e2b
SHA512 c1791d26644c48287020019aa457bb78332668af1880fe9e8edf5a57824add93949bdd3123baebab6ae3af263b43175363631abc0e8c7cbe8f6be2151aff6099
