Malware Analysis Report

2025-01-02 02:45

Sample ID 240719-1192pswcnh
Target 5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118
SHA256 2d3745a243c96f1ce3ae9c5e633ddc38448c07b6b21d8c13fa2a069438c131a7
Tags
xtremerat persistence rat spyware upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

2d3745a243c96f1ce3ae9c5e633ddc38448c07b6b21d8c13fa2a069438c131a7

Threat Level: Known bad

The file 5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xtremerat persistence rat spyware upx

Detect XtremeRAT payload

XtremeRAT

Checks computer location settings

UPX packed file

Suspicious use of SetThreadContext

Enumerates physical storage devices

Unsigned PE

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-19 22:08

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-19 22:08

Reported

2024-07-19 22:12

Platform

win7-20240704-en

Max time kernel

150s

Max time network

127s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

Signatures

Detect XtremeRAT payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

XtremeRAT

persistence spyware rat xtremerat

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 1908 set thread context of 2280 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 2280 set thread context of 2044 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 2812 set thread context of 2692 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 2692 set thread context of 2356 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 552 set thread context of 560 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 560 set thread context of 1076 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 2336 set thread context of 2628 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 2628 set thread context of 2872 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 2232 set thread context of 1832 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 1832 set thread context of 936 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 612 set thread context of 964 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 964 set thread context of 2792 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 1268 set thread context of 2296 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 2296 set thread context of 1956 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 3052 set thread context of 1628 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 1628 set thread context of 2156 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 2520 set thread context of 2544 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 2544 set thread context of 2480 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 1848 set thread context of 1988 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 1988 set thread context of 1888 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 432 set thread context of 784 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 784 set thread context of 2720 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 2372 set thread context of 572 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 572 set thread context of 3028 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 2072 set thread context of 2140 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 2140 set thread context of 2828 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 2064 set thread context of 1152 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 1152 set thread context of 2336 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 948 set thread context of 3008 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 3008 set thread context of 1804 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 2008 set thread context of 1928 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 1928 set thread context of 2144 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 2036 set thread context of 2632 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 2632 set thread context of 2548 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 2836 set thread context of 804 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 804 set thread context of 1072 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 1268 set thread context of 2196 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 2196 set thread context of 1168 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 552 set thread context of 672 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 672 set thread context of 1688 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 2068 set thread context of 2128 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 2128 set thread context of 2180 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 592 set thread context of 2588 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 2588 set thread context of 3028 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 516 set thread context of 1084 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 1084 set thread context of 836 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 1784 set thread context of 2168 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 2168 set thread context of 2180 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 3104 set thread context of 3112 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 3112 set thread context of 3184 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 3316 set thread context of 3328 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 3328 set thread context of 3400 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1908 wrote to memory of 2280 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 1908 wrote to memory of 2280 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 1908 wrote to memory of 2280 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 1908 wrote to memory of 2280 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 1908 wrote to memory of 2280 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 1908 wrote to memory of 2280 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 1908 wrote to memory of 2280 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 1908 wrote to memory of 2280 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 1908 wrote to memory of 2280 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 2280 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 2280 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 2280 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 2280 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 2280 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 2280 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 2280 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 2280 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 2280 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 2044 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2044 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2044 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2044 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2044 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2044 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2044 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2044 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2044 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2044 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2044 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2044 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2044 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2044 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2044 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2044 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2044 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2044 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2044 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2044 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2044 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2044 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2044 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2044 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2044 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2044 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2044 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2044 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2044 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2044 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2044 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2044 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2044 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2044 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2044 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2044 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2044 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2044 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2044 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2044 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 2044 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 2044 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 2044 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 2812 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 2812 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 2812 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

Processes

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

Network

N/A

Files

memory/1908-14-0x0000000000400000-0x000000000043C000-memory.dmp

memory/2280-11-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

memory/2280-15-0x0000000000400000-0x0000000000425000-memory.dmp

memory/2280-10-0x0000000000400000-0x0000000000425000-memory.dmp

memory/2280-0-0x0000000000400000-0x0000000000425000-memory.dmp

memory/2280-4-0x0000000000400000-0x0000000000425000-memory.dmp

memory/2280-2-0x0000000000400000-0x0000000000425000-memory.dmp

memory/2044-18-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2280-19-0x0000000000400000-0x0000000000425000-memory.dmp

memory/2044-21-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2044-22-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2044-23-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2044-26-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2812-41-0x0000000000400000-0x000000000043C000-memory.dmp

memory/2692-48-0x0000000000400000-0x0000000000425000-memory.dmp

memory/2356-51-0x0000000000C80000-0x0000000000C96000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg

MD5 d225596f2f54a23f71046bf01dfbf7d3
SHA1 7b34281395715a63c3f902b0d3a4dba7a876e880
SHA256 2b2b8e85cdc56bf2943c7ac6b6f88d1fc13c1edc52844b2af2a92f38998e3e2b
SHA512 c1791d26644c48287020019aa457bb78332668af1880fe9e8edf5a57824add93949bdd3123baebab6ae3af263b43175363631abc0e8c7cbe8f6be2151aff6099

memory/2356-53-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/552-66-0x0000000000400000-0x000000000043C000-memory.dmp

memory/560-72-0x0000000000400000-0x0000000000425000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-19 22:08

Reported

2024-07-19 22:12

Platform

win10v2004-20240709-en

Max time kernel

150s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

Signatures

Detect XtremeRAT payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

XtremeRAT

persistence spyware rat xtremerat

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 3092 set thread context of 3012 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 3012 set thread context of 4300 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 4556 set thread context of 4576 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 4576 set thread context of 5104 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 1068 set thread context of 3260 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 3260 set thread context of 2344 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 3156 set thread context of 980 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 980 set thread context of 3796 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 228 set thread context of 3620 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 3620 set thread context of 2996 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 3540 set thread context of 4844 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 4844 set thread context of 1292 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 3048 set thread context of 3896 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 3896 set thread context of 1020 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 4748 set thread context of 2876 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 2876 set thread context of 544 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 640 set thread context of 1792 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 1792 set thread context of 2384 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 3960 set thread context of 4116 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 4116 set thread context of 3728 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 5072 set thread context of 4448 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 4448 set thread context of 4464 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 3916 set thread context of 4536 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 4536 set thread context of 1972 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 2208 set thread context of 3584 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 3584 set thread context of 2184 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 4588 set thread context of 4912 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 4912 set thread context of 2316 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 544 set thread context of 4568 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 4568 set thread context of 2944 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 3728 set thread context of 796 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 796 set thread context of 5092 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 5104 set thread context of 5008 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 5008 set thread context of 4184 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 4780 set thread context of 1904 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 1904 set thread context of 3948 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 4540 set thread context of 232 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 232 set thread context of 4448 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 2000 set thread context of 4780 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 4780 set thread context of 4564 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 4456 set thread context of 1956 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 1956 set thread context of 4184 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 2944 set thread context of 1460 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 1460 set thread context of 1496 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 5408 set thread context of 5424 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 5424 set thread context of 5468 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 5632 set thread context of 5652 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 5652 set thread context of 5696 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 5852 set thread context of 5872 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 5872 set thread context of 5916 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 1148 set thread context of 5412 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 5412 set thread context of 5448 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 5700 set thread context of 5708 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 5708 set thread context of 5908 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 6008 set thread context of 6076 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 6076 set thread context of 4460 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 6000 set thread context of 4448 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 4448 set thread context of 5432 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 5840 set thread context of 5700 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 5700 set thread context of 5868 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3092 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 3092 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 3092 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 3092 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 3092 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 3092 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 3092 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 3092 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 3012 wrote to memory of 4300 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 3012 wrote to memory of 4300 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 3012 wrote to memory of 4300 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 3012 wrote to memory of 4300 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 3012 wrote to memory of 4300 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 3012 wrote to memory of 4300 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 3012 wrote to memory of 4300 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 3012 wrote to memory of 4300 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 4300 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 1240 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 1240 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 1240 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 3492 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 3492 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 3492 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 2172 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 2172 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 2172 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 4996 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 4996 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 4996 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 4556 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 4300 wrote to memory of 4556 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 4300 wrote to memory of 4556 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 4556 wrote to memory of 4576 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 4556 wrote to memory of 4576 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 4556 wrote to memory of 4576 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 4556 wrote to memory of 4576 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 4556 wrote to memory of 4576 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 4556 wrote to memory of 4576 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 4556 wrote to memory of 4576 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 4556 wrote to memory of 4576 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 4576 wrote to memory of 5104 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 4576 wrote to memory of 5104 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 4576 wrote to memory of 5104 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 4576 wrote to memory of 5104 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 4576 wrote to memory of 5104 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 4576 wrote to memory of 5104 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 4576 wrote to memory of 5104 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 4576 wrote to memory of 5104 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
PID 5104 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5104 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5104 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5104 wrote to memory of 3880 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5104 wrote to memory of 3880 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5104 wrote to memory of 3880 N/A C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp

Files

memory/3012-0-0x0000000000400000-0x0000000000425000-memory.dmp

memory/3092-4-0x0000000000400000-0x000000000043C000-memory.dmp

memory/3012-2-0x0000000000400000-0x0000000000425000-memory.dmp

memory/3012-5-0x0000000000400000-0x0000000000425000-memory.dmp

memory/4300-8-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/3012-12-0x0000000000400000-0x0000000000425000-memory.dmp

memory/4300-11-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/3012-10-0x0000000000430000-0x00000000004F9000-memory.dmp

memory/4300-13-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/4300-14-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/4300-17-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/4556-22-0x0000000000400000-0x000000000043C000-memory.dmp

memory/4576-23-0x0000000000400000-0x0000000000425000-memory.dmp

memory/5104-29-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/5104-31-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/5104-32-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/4576-30-0x0000000000400000-0x0000000000425000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg

MD5 d225596f2f54a23f71046bf01dfbf7d3
SHA1 7b34281395715a63c3f902b0d3a4dba7a876e880
SHA256 2b2b8e85cdc56bf2943c7ac6b6f88d1fc13c1edc52844b2af2a92f38998e3e2b
SHA512 c1791d26644c48287020019aa457bb78332668af1880fe9e8edf5a57824add93949bdd3123baebab6ae3af263b43175363631abc0e8c7cbe8f6be2151aff6099

memory/5104-36-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/1068-40-0x0000000000400000-0x000000000043C000-memory.dmp

memory/3260-46-0x0000000000400000-0x0000000000425000-memory.dmp

memory/2344-48-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2344-47-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/3156-56-0x0000000000400000-0x000000000043C000-memory.dmp

memory/980-60-0x0000000000400000-0x0000000000425000-memory.dmp

memory/228-71-0x0000000000400000-0x000000000043C000-memory.dmp

memory/3620-74-0x0000000000400000-0x0000000000425000-memory.dmp

memory/3540-84-0x0000000000400000-0x000000000043C000-memory.dmp

memory/4844-89-0x0000000000400000-0x0000000000425000-memory.dmp