Analysis Overview
SHA256
62b98bcdf890bff37ce85ce18d8b4ac046c6a248979ef068c3298e75a48dc5ad
Threat Level: Known bad
The file d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Detect XtremeRAT payload
Xtremerat family
Isrstealer family
ISR Stealer
XtremeRAT
ISR Stealer payload
Boot or Logon Autostart Execution: Active Setup
Loads dropped DLL
Reads user/profile data of web browsers
Checks computer location settings
Reads data files stored by FTP clients
Executes dropped EXE
Adds Run key to start application
UPX packed file
Suspicious use of SetThreadContext
Unsigned PE
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-07 06:47
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-07 06:47
Reported
2024-12-07 06:50
Platform
win7-20241023-en
Max time kernel
148s
Max time network
151s
Command Line
Signatures
Detect XtremeRAT payload
ISR Stealer
ISR Stealer payload
Isrstealer family
XtremeRAT
Xtremerat family
Boot or Logon Autostart Execution: Active Setup
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe restart" | C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} | C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} | C:\Windows\SysWOW64\svchost.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe" | C:\Windows\SysWOW64\svchost.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Reads data files stored by FTP clients
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe" | C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe" | C:\Windows\SysWOW64\svchost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Local\\Temp\\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe" | C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Local\\Temp\\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe" | C:\Windows\SysWOW64\svchost.exe | N/A |
Suspicious use of SetThreadContext
UPX packed file
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\svchost.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Windows\SysWOW64\svchost.exe
svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | tomashardy.netau.net | udp |
| US | 8.8.8.8:53 | tomashardy.zapto.org | udp |
Files
memory/2348-4-0x0000000000C80000-0x0000000000CAA000-memory.dmp
memory/2348-5-0x0000000000C80000-0x0000000000CAA000-memory.dmp
memory/2348-6-0x0000000000C80000-0x0000000000CAA000-memory.dmp
memory/2348-2-0x0000000000C80000-0x0000000000CAA000-memory.dmp
memory/2116-11-0x0000000000C80000-0x0000000000CAA000-memory.dmp
memory/2116-9-0x0000000000C80000-0x0000000000CAA000-memory.dmp
\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
| MD5 | f0ee8359740566432e38a3484cadca79 |
| SHA1 | a8ca527f525df95622f9184b29fffa7c9fbb2a5e |
| SHA256 | 56a7b8839eb72accb03d8509147f0278fb9739b72317b5d01a28457536f3a6dc |
| SHA512 | d19bd78f86e7c79e4517790d778101e7b9b517f5028182f703ac0ca2a3bd9ec97d9185ea3aa902330046eb8c289d153a4cd5e0816e8065ddbf20f7c0c630e60e |
\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
| MD5 | d1233b402c1f2eb42d9114cabc620af3 |
| SHA1 | 981ed9468d9ebca4ba046194822f87be88819bac |
| SHA256 | 62b98bcdf890bff37ce85ce18d8b4ac046c6a248979ef068c3298e75a48dc5ad |
| SHA512 | be1586ddf658184832198e66fb2453dd3b18faa2ace6e0b82887a5bf384c632aaf7c85f53c436b1661bb86c3fa93f42226ed6512bf62a5d6d6e9277418173d25 |
memory/2348-28-0x0000000000C80000-0x0000000000CAA000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg
| MD5 | 9484ce26d422922d74d5276a555fca5a |
| SHA1 | 1cc474a11be32d8957f45a845e36d3a07ad3d167 |
| SHA256 | bfcade57b3a8e37d02cb6176c10dd7a6cd57c6b75d4fe2b485758d3bb9576b75 |
| SHA512 | 592114e4bf48ad94f20605bf099b8261b3058d7e381593a043deaa045f2430327b9cd2c8f23c5bc22e73ea46e52e4e87cef60deb7e8ae168331342d2138db5f8 |
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe.exe
| MD5 | a2ce4c7b743725199da04033b5b57469 |
| SHA1 | 1ae348eafa097ab898941eafe912d711a407da10 |
| SHA256 | 0fff86057dcfb3975c8bc44459740ba5ffb43551931163538df3f39a6bb991bc |
| SHA512 | 23bd59f57b16cd496b550c1bba09eb3f9a9dfe764ea03470e3cc43e4d0b4ca415d239772e4a9b930749e88cead9a7ec4b0a77d0dd310e61d8c6521ae6ff278b0 |
\??\PIPE\srvsvc
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/1980-267-0x0000000000C80000-0x0000000000CAA000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-12-07 06:47
Reported
2024-12-07 06:50
Platform
win10v2004-20241007-en
Max time kernel
125s
Max time network
150s
Command Line
Signatures
Detect XtremeRAT payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
ISR Stealer
ISR Stealer payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Isrstealer family
XtremeRAT
Xtremerat family
Boot or Logon Autostart Execution: Active Setup
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe restart" | C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} | C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe | N/A |
Executes dropped EXE
Reads data files stored by FTP clients
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe" | C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Local\\Temp\\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe" | C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe | N/A |
Suspicious use of SetThreadContext
UPX packed file
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Windows\SysWOW64\svchost.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Windows\SysWOW64\svchost.exe
svchost.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
"C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tomashardy.netau.net | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.73.42.20.in-addr.arpa | udp |
Files
memory/3184-2-0x0000000000C80000-0x0000000000CAA000-memory.dmp
memory/3184-4-0x0000000000C80000-0x0000000000CAA000-memory.dmp
memory/3184-6-0x0000000000C80000-0x0000000000CAA000-memory.dmp
memory/3184-5-0x0000000000C80000-0x0000000000CAA000-memory.dmp
memory/2360-9-0x0000000000C80000-0x0000000000CAA000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
| MD5 | f0ee8359740566432e38a3484cadca79 |
| SHA1 | a8ca527f525df95622f9184b29fffa7c9fbb2a5e |
| SHA256 | 56a7b8839eb72accb03d8509147f0278fb9739b72317b5d01a28457536f3a6dc |
| SHA512 | d19bd78f86e7c79e4517790d778101e7b9b517f5028182f703ac0ca2a3bd9ec97d9185ea3aa902330046eb8c289d153a4cd5e0816e8065ddbf20f7c0c630e60e |
C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
| MD5 | d1233b402c1f2eb42d9114cabc620af3 |
| SHA1 | 981ed9468d9ebca4ba046194822f87be88819bac |
| SHA256 | 62b98bcdf890bff37ce85ce18d8b4ac046c6a248979ef068c3298e75a48dc5ad |
| SHA512 | be1586ddf658184832198e66fb2453dd3b18faa2ace6e0b82887a5bf384c632aaf7c85f53c436b1661bb86c3fa93f42226ed6512bf62a5d6d6e9277418173d25 |
memory/3184-25-0x0000000000C80000-0x0000000000CAA000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg
| MD5 | 9484ce26d422922d74d5276a555fca5a |
| SHA1 | 1cc474a11be32d8957f45a845e36d3a07ad3d167 |
| SHA256 | bfcade57b3a8e37d02cb6176c10dd7a6cd57c6b75d4fe2b485758d3bb9576b75 |
| SHA512 | 592114e4bf48ad94f20605bf099b8261b3058d7e381593a043deaa045f2430327b9cd2c8f23c5bc22e73ea46e52e4e87cef60deb7e8ae168331342d2138db5f8 |
C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe.exe
| MD5 | a2ce4c7b743725199da04033b5b57469 |
| SHA1 | 1ae348eafa097ab898941eafe912d711a407da10 |
| SHA256 | 0fff86057dcfb3975c8bc44459740ba5ffb43551931163538df3f39a6bb991bc |
| SHA512 | 23bd59f57b16cd496b550c1bba09eb3f9a9dfe764ea03470e3cc43e4d0b4ca415d239772e4a9b930749e88cead9a7ec4b0a77d0dd310e61d8c6521ae6ff278b0 |
memory/1952-61-0x0000000000C80000-0x0000000000CAA000-memory.dmp
memory/1952-59-0x0000000000C80000-0x0000000000CAA000-memory.dmp