Malware Analysis Report

2025-01-02 02:45

Sample ID 240719-vbh9sszhnk
Target 5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118
SHA256 3b85a4d0cf75b169fd09840be864786e2fb3f5017b85d53b1e72f352e7c2ad7b
Tags
xtremerat persistence rat spyware
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

3b85a4d0cf75b169fd09840be864786e2fb3f5017b85d53b1e72f352e7c2ad7b

Threat Level: Known bad

The file 5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xtremerat persistence rat spyware

Detect XtremeRAT payload

XtremeRAT

Checks computer location settings

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-19 16:48

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-19 16:48

Reported

2024-07-19 16:51

Platform

win7-20240708-en

Max time kernel

149s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

Signatures

Detect XtremeRAT payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

XtremeRAT

persistence spyware rat xtremerat

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2408 wrote to memory of 2184 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2408 wrote to memory of 2184 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2408 wrote to memory of 2184 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2408 wrote to memory of 2184 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2408 wrote to memory of 2184 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2408 wrote to memory of 2180 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2408 wrote to memory of 2180 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2408 wrote to memory of 2180 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2408 wrote to memory of 2180 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2408 wrote to memory of 2180 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2408 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2408 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2408 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2408 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2408 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2408 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2408 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2408 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2408 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2408 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2408 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2408 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2408 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2408 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2408 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2408 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2408 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2408 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2408 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2408 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2408 wrote to memory of 2072 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2408 wrote to memory of 2072 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2408 wrote to memory of 2072 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2408 wrote to memory of 2072 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2408 wrote to memory of 2072 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2408 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2408 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2408 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2408 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2408 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe
PID 2408 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe
PID 2408 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe
PID 2408 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe
PID 3008 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3008 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3008 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3008 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3008 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3008 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3008 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3008 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3008 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3008 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3008 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3008 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3008 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3008 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3008 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3008 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3008 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3008 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3008 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3008 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3008 wrote to memory of 560 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe

Processes

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

Network

N/A

Files

memory/2408-0-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/2408-4-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/3008-5-0x0000000000C80000-0x0000000000C98000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg

MD5 95e041941fa084200002260a54049692
SHA1 8469a625efa76988619a90a1b8b2eadea40d007f
SHA256 9c0914deef6643cec9fb2171328349582b95b017079bd59ce6c3f5d55e026edf
SHA512 86b93c9bdd9646d0dea0e7b541867fbbbb775bbd16e7e25b127de02bd12284950e85161666a215f75f078df96c7f9092cc155ed7bd752598034bab06f802c670

memory/3008-9-0x0000000002A20000-0x0000000002A38000-memory.dmp

memory/3008-11-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/2812-12-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/2812-17-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/2828-18-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/2828-21-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/3028-25-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/1956-26-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/1956-29-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/1716-33-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/2888-34-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/2888-37-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/2476-38-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/2476-42-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/1372-43-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/1372-46-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/816-50-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/1816-51-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/1816-54-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/2156-59-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/2240-58-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/2156-62-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/2656-66-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/1720-67-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/1720-70-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/2704-74-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/1756-75-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/1756-78-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/296-82-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/2168-85-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/3028-89-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/2100-92-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/2400-95-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/2404-96-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/2404-99-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/3112-104-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/2252-103-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/3112-107-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/3228-111-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/3460-115-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/3348-114-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/3460-119-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/3580-122-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/3696-126-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/3808-127-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/3924-131-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/3808-130-0x0000000000C80000-0x0000000000C98000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-19 16:48

Reported

2024-07-19 16:51

Platform

win10v2004-20240709-en

Max time kernel

149s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

Signatures

Detect XtremeRAT payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

XtremeRAT

persistence spyware rat xtremerat

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe N/A

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1204 wrote to memory of 1208 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1204 wrote to memory of 1208 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1204 wrote to memory of 1208 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1204 wrote to memory of 3976 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1204 wrote to memory of 3976 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1204 wrote to memory of 3976 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1204 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1204 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1204 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1204 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1204 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1204 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1204 wrote to memory of 628 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1204 wrote to memory of 628 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1204 wrote to memory of 628 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1204 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1204 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1204 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1204 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1204 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1204 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1204 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1204 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1204 wrote to memory of 4652 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe
PID 1204 wrote to memory of 4652 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe
PID 1204 wrote to memory of 4652 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe
PID 4652 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4652 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4652 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4652 wrote to memory of 4028 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4652 wrote to memory of 4028 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4652 wrote to memory of 4028 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4652 wrote to memory of 4444 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4652 wrote to memory of 4444 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4652 wrote to memory of 4444 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4652 wrote to memory of 4080 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4652 wrote to memory of 4080 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4652 wrote to memory of 4080 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4652 wrote to memory of 4604 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4652 wrote to memory of 4604 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4652 wrote to memory of 4604 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4652 wrote to memory of 1124 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4652 wrote to memory of 1124 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4652 wrote to memory of 1124 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4652 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4652 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4652 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4652 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4652 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4652 wrote to memory of 920 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe
PID 4652 wrote to memory of 920 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe
PID 4652 wrote to memory of 920 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe
PID 920 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 4668 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 4668 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 4668 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 4648 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 4648 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 4648 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 660 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 660 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 660 N/A C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5ccda8dc28284ca8cea2d52b0bfcf182_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 44.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp

Files

memory/1204-0-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/1204-4-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/4652-5-0x0000000000C80000-0x0000000000C98000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg

MD5 95e041941fa084200002260a54049692
SHA1 8469a625efa76988619a90a1b8b2eadea40d007f
SHA256 9c0914deef6643cec9fb2171328349582b95b017079bd59ce6c3f5d55e026edf
SHA512 86b93c9bdd9646d0dea0e7b541867fbbbb775bbd16e7e25b127de02bd12284950e85161666a215f75f078df96c7f9092cc155ed7bd752598034bab06f802c670

memory/4652-10-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/920-15-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/1788-16-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/1788-21-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/2788-26-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/2156-31-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/1016-32-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/1016-37-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/4184-42-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/1596-47-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/4296-48-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/4296-52-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/1352-53-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/1352-58-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/1692-63-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/1656-68-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/972-69-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/972-74-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/3812-79-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/1996-84-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/3908-85-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/3908-89-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/4560-94-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/972-99-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/2156-104-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/5036-109-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/3120-114-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/5036-115-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/5036-120-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/1048-125-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/5196-130-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/5344-131-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/5344-136-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/5504-141-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/5652-146-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/5888-147-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/5888-151-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/5224-155-0x0000000000C80000-0x0000000000C98000-memory.dmp

memory/1640-156-0x0000000000C80000-0x0000000000C98000-memory.dmp