Malware Analysis Report

2025-01-03 09:07

Sample ID 240620-nj43xaygkm
Target 058f67b1d16ae67eac4ed1841029d03b_JaffaCakes118
SHA256 11cbf1644faaa3fa6fc7eba8e77f9170741ddf2995c27c571dec925cecef4686
Tags
bootkit persistence
score
7/10

Analysis Overview

score
7/10

SHA256

11cbf1644faaa3fa6fc7eba8e77f9170741ddf2995c27c571dec925cecef4686

Threat Level: Shows suspicious behavior

The file 058f67b1d16ae67eac4ed1841029d03b_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

bootkit persistence

Loads dropped DLL

Executes dropped EXE

Writes to the Master Boot Record (MBR)

Drops file in System32 directory

Unsigned PE

Program crash

Modifies Internet Explorer settings

Modifies registry class

Suspicious behavior: AddClipboardFormatListener

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-20 11:26

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-20 11:26

Reported

2024-06-20 11:29

Platform

win7-20240221-en

Max time kernel

41s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\058f67b1d16ae67eac4ed1841029d03b_JaffaCakes118.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\058f67b1d16ae67eac4ed1841029d03b_JaffaCakes118.exe N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\058f67b1d16ae67eac4ed1841029d03b_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Users\Admin\AppData\Local\Temp\058f67b1d16ae67eac4ed1841029d03b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Users\Admin\AppData\Local\Temp\058f67b1d16ae67eac4ed1841029d03b_JaffaCakes118.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\NavBar = 000000000000000000000000000000008b000000870000003153505305d5cdd59c2e1b10939708002b2cf9ae6b0000005a000000007b00360044003800420042003300440033002d0039004400380037002d0034004100390031002d0041004200350036002d003400460033003000430046004600450046004500390046007d005f0057006900640074006800000013000000f00000000000000000000000 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents" C:\Windows\explorer.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\058f67b1d16ae67eac4ed1841029d03b_JaffaCakes118.exe N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 328 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\058f67b1d16ae67eac4ed1841029d03b_JaffaCakes118.exe C:\Windows\SysWOW64\explorer.exe
PID 328 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\058f67b1d16ae67eac4ed1841029d03b_JaffaCakes118.exe C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
PID 2656 wrote to memory of 2584 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\explorer.exe
PID 2656 wrote to memory of 2436 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
PID 2436 wrote to memory of 1340 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\explorer.exe
PID 2436 wrote to memory of 2816 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
PID 2816 wrote to memory of 2700 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\explorer.exe
PID 2816 wrote to memory of 2176 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
PID 2176 wrote to memory of 2680 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\explorer.exe
PID 2176 wrote to memory of 2480 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
PID 2480 wrote to memory of 2924 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\explorer.exe
PID 2480 wrote to memory of 2972 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
PID 2972 wrote to memory of 2116 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\explorer.exe
PID 2972 wrote to memory of 1648 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\explorer.exe
PID 1648 wrote to memory of 1604 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\explorer.exe
PID 1648 wrote to memory of 2136 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\058f67b1d16ae67eac4ed1841029d03b_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\058f67b1d16ae67eac4ed1841029d03b_JaffaCakes118.exe"

C:\Windows\SysWOW64\explorer.exe

explorer C:\Users\Admin\AppData\Local\Temp\058f67b1d16ae67eac4ed1841029d03b_JaffaCakes118

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

Network

N/A

Files

memory/328-0-0x0000000000400000-0x000000000042A000-memory.dmp

\Users\Admin\AppData\Local\Temp\E_4\krnln.fnr

MD5 1081d7eb7a17faedfa588b93fc85365e
SHA1 884e264fa37bfb9e71d24f3f5c7554fdf94a8b9f
SHA256 0351d055cf1e194302ab125cc93208a8c733efb45dc301ca6e7e2a4051f411e0
SHA512 1ff9e7c495b9e005c8d3b56219794c31d804fe1944429e3d4fe013fd8fcb3f51c02b588748c7d9d869fdb115851932e8db4e6792aecd9c83f28237702582ba81

\Users\Admin\AppData\Local\Temp\E_4\com.run

MD5 ce2f773275d3fe8b78f4cf067d5e6a0f
SHA1 b7135e34d46eb4303147492d5cee5e1ef7b392ab
SHA256 eb8099c0ad2d82d9d80530443e2909f3b34be0844d445e844f1c994476c86d2d
SHA512 d733dc01c047be56680629a385abdd2aa1598a2b5459269028446da9097b6f6c1e7ade5b74e3ac3809dd8a3f8d1cbbe7fd669f2762be61f9c38fd4a2cca9e063

memory/328-12-0x00000000002D0000-0x000000000031A000-memory.dmp

memory/328-19-0x0000000001C80000-0x0000000001C91000-memory.dmp

\Users\Admin\AppData\Local\Temp\E_4\shell.fne

MD5 d54753e7fc3ea03aec0181447969c0e8
SHA1 824e7007b6569ae36f174c146ae1b7242f98f734
SHA256 192608ff371400c1529aa05f1adba0fe4fdd769fcbf35ee5f8b4f78a838a7ec9
SHA512 c25ed4cb38d5d5e95a267979f0f3f9398c04a1bf5822dceb03d6f6d9b4832dfb227f1e6868327e52a0303f45c36b9ba806e75b16bd7419a7c5203c2ecbae838f

memory/328-16-0x00000000005C0000-0x00000000005DE000-memory.dmp

\Users\Admin\AppData\Local\Temp\E_4\dp1.fne

MD5 6d4b2e73f6f8ecff02f19f7e8ef9a8c7
SHA1 09c32ca167136a17fd69df8c525ea5ffeca6c534
SHA256 fe5783e64aa70fac10c2e42d460732d9770534357329d8bc78576557c165f040
SHA512 2fd7a95cb632e9c4ac6b34e5b6b875aae94e73cd4b1f213e78f46dadab4846227a030776461bca08f9d75a1d61a0d45427f7b0c8b71406b7debc14db04b2ce04

\Windows\SysWOW64\XP-AB9DB5FA.EXE

MD5 058f67b1d16ae67eac4ed1841029d03b
SHA1 64acef0b1850146aa29cf2f61e1e47261f28fcf2
SHA256 11cbf1644faaa3fa6fc7eba8e77f9170741ddf2995c27c571dec925cecef4686
SHA512 b7a0da5598f95693e2f50a6e2ce18d039c34aee8aec7168f2774bd5c36c346133ff6297861736e3060c65a4181eddc25c01abcecd0bb9a4291d78defa083d91b

memory/328-30-0x0000000001CA0000-0x0000000001CCA000-memory.dmp

memory/328-29-0x0000000001CA0000-0x0000000001CCA000-memory.dmp

memory/2656-32-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\E_4\eAPI.fne

MD5 25b794b18bd8d03dc9530111cbce4173
SHA1 a6774d62bd1e9497fdfe6c61c495011fc6c274c6
SHA256 81757b48f2caecd6fd4f6699906e9320704c10b5c5dadc6c796b9809f0359ee4
SHA512 5892dc3c681571b2130695c4e8f598e732462746b9f5b8e7689108e393fb6d4edc32c97ef1f39f0c0abc901a590677f92c1abd1b809e5a875d025f4131d831ac

C:\Users\Admin\AppData\Local\Temp\E_4\RegEx.fne

MD5 a85d63acefa7a6fa639787e364c16892
SHA1 86ec32360c7ec9941b9411009de6aad0c83de46f
SHA256 d0b26b744a94a6dc22eba1b79089c4e1f45db18a68a9b02f58f017b94873dcb8
SHA512 fd12fbeab738358b47836badaf635511ea819fb5a35de4065b68d9b6f7e0f5eb443a7363164f32e8308701e78f2279c9c481038d09a2aa92a4ec184a91a2b9e8

C:\Users\Admin\AppData\Local\Temp\E_4\spec.fne

MD5 c4337f54ceb6765fda33f96b8408c013
SHA1 242e447d71a346366526a721532b0d47d5d62239
SHA256 a3525832c5922696002c33ca8658a53a3bbcdd46a1e172ee1f5e815f037b7c08
SHA512 2bc2d4648b971f94e789815ce946578d412b585158056f10d2be147e194dfa8f4bd211eecb86b76aa78233da72b2544398945ca2850268109c6f3ef7e44a8c9c

C:\Users\Admin\AppData\Local\Temp\E_4\internet.fne

MD5 56e9e121d68b5631a360d56b2ef4777f
SHA1 e9d11a2baf46769c90ee1671cd17072efd8cfb52
SHA256 c247997b04fc5535bb07ab43c3628326c6365aa6a0bd82a6f380b8ab66a09d2f
SHA512 1ef52e0283d286a308fa1c927ff12aa43975a49d94d9386ee4a02b7e4f47de2e239a340a4427534c73c0039ea2c249e91b68f2dce1dfebf13c9879c4ea60b97e

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-20 11:26

Reported

2024-06-20 11:29

Platform

win10v2004-20240611-en

Max time kernel

12s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\058f67b1d16ae67eac4ed1841029d03b_JaffaCakes118.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\058f67b1d16ae67eac4ed1841029d03b_JaffaCakes118.exe N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\058f67b1d16ae67eac4ed1841029d03b_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Users\Admin\AppData\Local\Temp\058f67b1d16ae67eac4ed1841029d03b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Users\Admin\AppData\Local\Temp\058f67b1d16ae67eac4ed1841029d03b_JaffaCakes118.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser C:\Windows\explorer.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\NavBar = 000000000000000000000000000000008b000000870000003153505305d5cdd59c2e1b10939708002b2cf9ae6b0000005a000000007b00360044003800420042003300440033002d0039004400380037002d0034004100390031002d0041004200350036002d003400460033003000430046004600450046004500390046007d005f0057006900640074006800000013000000cc0000000000000000000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Windows\explorer.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\058f67b1d16ae67eac4ed1841029d03b_JaffaCakes118.exe N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4844 wrote to memory of 224 N/A C:\Users\Admin\AppData\Local\Temp\058f67b1d16ae67eac4ed1841029d03b_JaffaCakes118.exe C:\Windows\SysWOW64\explorer.exe
PID 4844 wrote to memory of 3624 N/A C:\Users\Admin\AppData\Local\Temp\058f67b1d16ae67eac4ed1841029d03b_JaffaCakes118.exe C:\Windows\SysWOW64\XP-FEBFA1C7.EXE
PID 3624 wrote to memory of 4332 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\explorer.exe
PID 3624 wrote to memory of 3968 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\XP-FEBFA1C7.EXE
PID 3968 wrote to memory of 3148 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\explorer.exe
PID 3968 wrote to memory of 2816 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\XP-FEBFA1C7.EXE
PID 2816 wrote to memory of 3996 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\explorer.exe
PID 2816 wrote to memory of 4980 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\XP-FEBFA1C7.EXE
PID 4980 wrote to memory of 4048 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\explorer.exe
PID 4980 wrote to memory of 1664 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\XP-FEBFA1C7.EXE
PID 1664 wrote to memory of 3856 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\explorer.exe
PID 1664 wrote to memory of 3160 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\XP-FEBFA1C7.EXE
PID 3160 wrote to memory of 2636 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\explorer.exe
PID 3160 wrote to memory of 2404 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\XP-FEBFA1C7.EXE
PID 2404 wrote to memory of 1432 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\explorer.exe
PID 2404 wrote to memory of 4276 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\XP-FEBFA1C7.EXE
PID 4276 wrote to memory of 3536 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\explorer.exe
PID 4276 wrote to memory of 4280 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\XP-FEBFA1C7.EXE
PID 4280 wrote to memory of 3584 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\explorer.exe
PID 4280 wrote to memory of 1716 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\XP-FEBFA1C7.EXE
PID 1716 wrote to memory of 684 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\explorer.exe
PID 1716 wrote to memory of 1284 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\058f67b1d16ae67eac4ed1841029d03b_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\058f67b1d16ae67eac4ed1841029d03b_JaffaCakes118.exe"

C:\Windows\SysWOW64\explorer.exe

explorer C:\Users\Admin\AppData\Local\Temp\058f67b1d16ae67eac4ed1841029d03b_JaffaCakes118

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 12692 -s 932

C:\Windows\system32\dwm.exe

"dwm.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 12692 -ip 12692

Network

Files

C:\Users\Admin\AppData\Local\Temp\E_4\krnln.fnr

C:\Users\Admin\AppData\Local\Temp\E_4\com.run

C:\Users\Admin\AppData\Local\Temp\E_4\dp1.fne

C:\Users\Admin\AppData\Local\Temp\E_4\shell.fne

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Users\Admin\AppData\Local\Temp\E_4\spec.fne

C:\Users\Admin\AppData\Local\Temp\E_4\internet.fne

C:\Users\Admin\AppData\Local\Temp\E_4\eAPI.fne

C:\Users\Admin\AppData\Local\Temp\E_4\RegEx.fne
