Malware Analysis Report

2025-01-02 02:32

Sample ID 240719-bl1gaayfja
Target 59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118
SHA256 f9adc4f7e8e13e652e9a31525c191903d5efe9b0deb91caf715548e59898c216
Tags
xtremerat persistence rat spyware
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

f9adc4f7e8e13e652e9a31525c191903d5efe9b0deb91caf715548e59898c216

Threat Level: Known bad

The file 59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xtremerat persistence rat spyware

Detect XtremeRAT payload

XtremeRAT

Checks computer location settings

Suspicious use of SetThreadContext

Unsigned PE

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-19 01:14

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-19 01:14

Reported

2024-07-19 01:17

Platform

win7-20240705-en

Max time kernel

150s

Max time network

125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

Signatures

Detect XtremeRAT payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

XtremeRAT

persistence spyware rat xtremerat

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 2948 set thread context of 3012 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 2136 set thread context of 2652 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 2860 set thread context of 2296 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 3028 set thread context of 2144 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 1924 set thread context of 2132 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 2984 set thread context of 272 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 660 set thread context of 2124 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 2696 set thread context of 444 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 888 set thread context of 2360 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 2016 set thread context of 2032 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 2120 set thread context of 1648 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 2436 set thread context of 1988 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 2136 set thread context of 2712 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 2640 set thread context of 1644 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 1064 set thread context of 1660 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 2372 set thread context of 2328 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 1928 set thread context of 2108 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 2936 set thread context of 1872 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 3020 set thread context of 2864 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 1736 set thread context of 300 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 404 set thread context of 624 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 2108 set thread context of 2936 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 296 set thread context of 2864 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 560 set thread context of 2100 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 2592 set thread context of 2008 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 2316 set thread context of 316 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 3140 set thread context of 3172 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 3288 set thread context of 3304 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 3416 set thread context of 3432 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 3552 set thread context of 3568 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 3684 set thread context of 3700 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 3816 set thread context of 3832 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2948 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 2948 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 2948 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 2948 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 2948 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 2948 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 2948 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 2948 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 2948 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 2948 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 2948 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 2948 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 2948 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 2948 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 3012 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3012 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3012 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3012 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3012 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3012 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3012 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3012 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3012 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3012 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3012 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3012 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3012 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3012 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3012 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3012 wrote to memory of 3052 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3012 wrote to memory of 3052 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3012 wrote to memory of 3052 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3012 wrote to memory of 3052 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3012 wrote to memory of 3052 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3012 wrote to memory of 2272 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3012 wrote to memory of 2272 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3012 wrote to memory of 2272 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3012 wrote to memory of 2272 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3012 wrote to memory of 2272 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3012 wrote to memory of 1860 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3012 wrote to memory of 1860 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3012 wrote to memory of 1860 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3012 wrote to memory of 1860 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3012 wrote to memory of 1860 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3012 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3012 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3012 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3012 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3012 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3012 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3012 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3012 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3012 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3012 wrote to memory of 2136 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 3012 wrote to memory of 2136 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 3012 wrote to memory of 2136 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 3012 wrote to memory of 2136 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 2136 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 2136 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 2136 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 2136 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 2136 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 2136 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 2136 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

Processes

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

Network

N/A

Files

memory/3012-2-0x0000000000C80000-0x0000000000C99000-memory.dmp

memory/3012-5-0x0000000000C80000-0x0000000000C99000-memory.dmp

memory/3012-4-0x0000000000C80000-0x0000000000C99000-memory.dmp

memory/3012-3-0x0000000000C80000-0x0000000000C99000-memory.dmp

memory/3012-8-0x0000000000C80000-0x0000000000C99000-memory.dmp

memory/2652-14-0x0000000000C80000-0x0000000000C99000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg

MD5 214f23d872806923989e565a919d664c
SHA1 45694f40c8e2e518a32b7dad8bf7292ca643f028
SHA256 6b680f608d0a8f2ef40de6c27f8ab9e7e925cd074ab123dcd8a74a14f7ad30c0
SHA512 4bc1133d257ff02fdcdf915326c1ad37fa8a258ce09cb1a2c46c3ff033cd0550ab47a9a58628bf3ad3a9c46810fd39cec7ef26e617a71c24237bb6b8828333ca

memory/2652-16-0x0000000000C80000-0x0000000000C99000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-19 01:14

Reported

2024-07-19 01:17

Platform

win10v2004-20240709-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

Signatures

Detect XtremeRAT payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

XtremeRAT

persistence spyware rat xtremerat

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 1440 set thread context of 2648 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 1264 set thread context of 5020 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 2608 set thread context of 2828 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 3940 set thread context of 1964 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 4300 set thread context of 3360 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 4480 set thread context of 3252 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 2372 set thread context of 4872 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 2204 set thread context of 2660 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 1012 set thread context of 3932 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 4016 set thread context of 4372 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 4144 set thread context of 544 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 2632 set thread context of 548 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 2348 set thread context of 3696 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 220 set thread context of 4492 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 1660 set thread context of 1364 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 3504 set thread context of 1964 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 4308 set thread context of 1844 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 4056 set thread context of 2584 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 744 set thread context of 4500 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 808 set thread context of 3972 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 5200 set thread context of 5228 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 5632 set thread context of 5656 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 5812 set thread context of 5836 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 5976 set thread context of 6000 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 1652 set thread context of 4480 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 5052 set thread context of 5332 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 5476 set thread context of 5508 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 5456 set thread context of 5736 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 6004 set thread context of 2480 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 5176 set thread context of 4728 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 5288 set thread context of 5532 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1440 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 1440 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 1440 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 1440 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 1440 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 1440 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 1440 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 1440 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 1440 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 1440 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 1440 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 1440 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 1440 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 2648 wrote to memory of 2364 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2648 wrote to memory of 2364 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2648 wrote to memory of 2364 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2648 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2648 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2648 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2648 wrote to memory of 4916 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2648 wrote to memory of 4916 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2648 wrote to memory of 4916 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2648 wrote to memory of 3956 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2648 wrote to memory of 3956 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2648 wrote to memory of 3956 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2648 wrote to memory of 400 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2648 wrote to memory of 400 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2648 wrote to memory of 400 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2648 wrote to memory of 3748 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2648 wrote to memory of 3748 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2648 wrote to memory of 3748 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2648 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2648 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2648 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2648 wrote to memory of 4068 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2648 wrote to memory of 4068 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2648 wrote to memory of 1264 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 2648 wrote to memory of 1264 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 2648 wrote to memory of 1264 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 1264 wrote to memory of 5020 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 1264 wrote to memory of 5020 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 1264 wrote to memory of 5020 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 1264 wrote to memory of 5020 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 1264 wrote to memory of 5020 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 1264 wrote to memory of 5020 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 1264 wrote to memory of 5020 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 1264 wrote to memory of 5020 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 1264 wrote to memory of 5020 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 1264 wrote to memory of 5020 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 1264 wrote to memory of 5020 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 1264 wrote to memory of 5020 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 1264 wrote to memory of 5020 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
PID 5020 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 832 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 832 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 832 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 4472 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 4472 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 4472 N/A C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 25.140.123.92.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp

Files

memory/2648-2-0x0000000000C80000-0x0000000000C99000-memory.dmp

memory/2648-3-0x0000000000C80000-0x0000000000C99000-memory.dmp

memory/2648-4-0x0000000000C80000-0x0000000000C99000-memory.dmp

memory/2648-5-0x0000000000C80000-0x0000000000C99000-memory.dmp

memory/2648-8-0x0000000000C80000-0x0000000000C99000-memory.dmp

memory/5020-13-0x0000000000C80000-0x0000000000C99000-memory.dmp

memory/5020-14-0x0000000000C80000-0x0000000000C99000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg

MD5 214f23d872806923989e565a919d664c
SHA1 45694f40c8e2e518a32b7dad8bf7292ca643f028
SHA256 6b680f608d0a8f2ef40de6c27f8ab9e7e925cd074ab123dcd8a74a14f7ad30c0
SHA512 4bc1133d257ff02fdcdf915326c1ad37fa8a258ce09cb1a2c46c3ff033cd0550ab47a9a58628bf3ad3a9c46810fd39cec7ef26e617a71c24237bb6b8828333ca

memory/5020-18-0x0000000000C80000-0x0000000000C99000-memory.dmp

memory/2828-22-0x0000000000C80000-0x0000000000C99000-memory.dmp

memory/3252-43-0x0000000000C80000-0x0000000000C99000-memory.dmp

memory/1964-113-0x0000000000C80000-0x0000000000C99000-memory.dmp

memory/1844-120-0x0000000000C80000-0x0000000000C99000-memory.dmp

memory/2584-127-0x0000000000C80000-0x0000000000C99000-memory.dmp

memory/4500-134-0x0000000000C80000-0x0000000000C99000-memory.dmp

memory/5228-148-0x0000000000C80000-0x0000000000C99000-memory.dmp

memory/5508-190-0x0000000000C80000-0x0000000000C99000-memory.dmp