Malware Analysis Report

2025-01-03 09:23

Sample ID 240620-q3nw5svekk
Target 068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118
SHA256 2e710d253330193e485d010ab35d2d029f6278d8130a59e4f7aed0653174ffdf
Tags
bootkit persistence
score
7/10


Analysis Overview

score
7/10

SHA256

2e710d253330193e485d010ab35d2d029f6278d8130a59e4f7aed0653174ffdf

Threat Level: Shows suspicious behavior

The file 068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

bootkit persistence

Executes dropped EXE

Loads dropped DLL

Writes to the Master Boot Record (MBR)

Drops file in System32 directory

Unsigned PE

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Suspicious behavior: AddClipboardFormatListener

Suspicious use of SetWindowsHookEx

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-20 13:47

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-20 13:47

Reported

2024-06-20 13:49

Platform

win7-20240221-en

Max time kernel

62s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe"

Signatures

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | N/A

Loads dropped DLL

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description | Indicator | Process | Target
File opened for modification | \??\PhysicalDrive0 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | N/A
File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe | N/A

Drops file in System32 directory

Description | Indicator | Process | Target
File created | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe | N/A
File opened for modification | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe | N/A

Modifies Internet Explorer settings

adware spyware
Description | Indicator | Process | Target
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" | C:\Windows\explorer.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\explorer.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\explorer.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Windows\explorer.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Windows\explorer.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Windows\explorer.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f44471a0359723fa74489c55595fe6b30ee0000 | C:\Windows\explorer.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Windows\explorer.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | C:\Windows\explorer.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\explorer.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents" | C:\Windows\explorer.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell | C:\Windows\explorer.exe | N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 832 wrote to memory of 2996 N/A C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe C:\Windows\SysWOW64\explorer.exe
PID 832 wrote to memory of 2996 N/A C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe C:\Windows\SysWOW64\explorer.exe
PID 832 wrote to memory of 2996 N/A C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe C:\Windows\SysWOW64\explorer.exe
PID 832 wrote to memory of 2996 N/A C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe C:\Windows\SysWOW64\explorer.exe
PID 832 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
PID 832 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
PID 832 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
PID 832 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
PID 2724 wrote to memory of 2688 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\explorer.exe
PID 2724 wrote to memory of 2688 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\explorer.exe
PID 2724 wrote to memory of 2688 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\explorer.exe
PID 2724 wrote to memory of 2688 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\explorer.exe
PID 2724 wrote to memory of 2912 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
PID 2724 wrote to memory of 2912 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
PID 2724 wrote to memory of 2912 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
PID 2724 wrote to memory of 2912 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
PID 2912 wrote to memory of 2692 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\explorer.exe
PID 2912 wrote to memory of 2692 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\explorer.exe
PID 2912 wrote to memory of 2692 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\explorer.exe
PID 2912 wrote to memory of 2692 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\explorer.exe
PID 2912 wrote to memory of 2348 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
PID 2912 wrote to memory of 2348 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
PID 2912 wrote to memory of 2348 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
PID 2912 wrote to memory of 2348 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
PID 2348 wrote to memory of 884 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\explorer.exe
PID 2348 wrote to memory of 884 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\explorer.exe
PID 2348 wrote to memory of 884 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\explorer.exe
PID 2348 wrote to memory of 884 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\explorer.exe
PID 2348 wrote to memory of 2340 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
PID 2348 wrote to memory of 2340 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
PID 2348 wrote to memory of 2340 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
PID 2348 wrote to memory of 2340 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
PID 2340 wrote to memory of 1160 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\explorer.exe
PID 2340 wrote to memory of 1160 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\explorer.exe
PID 2340 wrote to memory of 1160 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\explorer.exe
PID 2340 wrote to memory of 1160 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\explorer.exe
PID 2340 wrote to memory of 2768 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
PID 2340 wrote to memory of 2768 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
PID 2340 wrote to memory of 2768 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
PID 2340 wrote to memory of 2768 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
PID 2768 wrote to memory of 1168 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\explorer.exe
PID 2768 wrote to memory of 1168 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\explorer.exe
PID 2768 wrote to memory of 1168 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\explorer.exe
PID 2768 wrote to memory of 1168 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\explorer.exe
PID 2768 wrote to memory of 2088 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
PID 2768 wrote to memory of 2088 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
PID 2768 wrote to memory of 2088 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
PID 2768 wrote to memory of 2088 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
PID 2088 wrote to memory of 2408 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\explorer.exe
PID 2088 wrote to memory of 2408 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\explorer.exe
PID 2088 wrote to memory of 2408 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\explorer.exe
PID 2088 wrote to memory of 2408 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\explorer.exe
PID 2088 wrote to memory of 1544 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
PID 2088 wrote to memory of 1544 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
PID 2088 wrote to memory of 1544 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
PID 2088 wrote to memory of 1544 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
PID 1544 wrote to memory of 3012 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\explorer.exe
PID 1544 wrote to memory of 3012 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\explorer.exe
PID 1544 wrote to memory of 3012 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\explorer.exe
PID 1544 wrote to memory of 3012 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\explorer.exe
PID 1544 wrote to memory of 2028 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
PID 1544 wrote to memory of 2028 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
PID 1544 wrote to memory of 2028 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
PID 1544 wrote to memory of 2028 N/A C:\Windows\SysWOW64\XP-AB9DB5FA.EXE C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe"

C:\Windows\SysWOW64\explorer.exe

explorer C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-AB9DB5FA

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

C:\Windows\system32\XP-AB9DB5FA.EXE

Network

N/A

Files

memory/832-0-0x0000000000400000-0x000000000043F000-memory.dmp

\Users\Admin\AppData\Local\Temp\E_4\krnln.fnr

MD5 c607573928aa8bff7fe6b997f8979da7
SHA1 6744d3a000177467b5c1e020ac763a4c6f5e8cd7
SHA256 7cebaf36a296b1d3ad581f6ae04defc186c45c930f284836d8fb81ef63beef91
SHA512 8ffdfbea84db9cb47cf09183d2c39d102d92c9e88cde2307b0925525043e5a453ab0505b2fdb3aa85e692aaf42cbd2b4a78c168b6c879952b8f3f99632da0112

memory/832-11-0x0000000010000000-0x000000001011C000-memory.dmp

\Users\Admin\AppData\Local\Temp\E_4\com.run

MD5 007eb5c8194d1e8e4c30ce6132183a00
SHA1 dffbed87c6f77a7d1ad5c1830f5d830a87f02453
SHA256 c32771df076af7b332ac02831ae5a21a0117ff83a72ca91a99efcb00d70f1540
SHA512 bd45f45c907bba753afea4dfc7fb0a75794cca1bb751f7b8446e6d830c858a1d4c8660a8a07f41554024a6e431a43432383519eab326b0273e1b1ec71398a84b

memory/832-14-0x0000000000370000-0x00000000003BB000-memory.dmp

\Users\Admin\AppData\Local\Temp\E_4\dp1.fne

MD5 a1c93d806f4be79b034092b6191444ca
SHA1 be806eeca83fcbff3460e6547bfa045a5c67094a
SHA256 c4277e3123f6d1413f8d605e0ee3ae4c50ef67d4bacebc866938d572ed5373ed
SHA512 c1e6b6a6f640c0dcc0920d25a0b0a36ad02f9b0f7134966a924615354e5eb3e6914572491ce772621023293bad6cc1a0d392da2bf3dca8178b17d9a714dc2a31

memory/832-17-0x00000000003E0000-0x00000000003FE000-memory.dmp

\Users\Admin\AppData\Local\Temp\E_4\shell.fne

MD5 d0af2e435bc19d8c75bfe4e5f7488e0a
SHA1 361c9bab7c187191d7812c0edc564e7236a00ba7
SHA256 6ea109725c4b51c85abf8ac2f7a22b7206cc5626899f0efdddbf778fd43af458
SHA512 530208da67a6b452c9acc5d58d70dc729c5aeeb9ba66d6c75b2980f55355dbc31239c7c38c35652b1fd6f70348e937e43f5337c28620cb36f90d39bce2d6a6d0

memory/832-20-0x0000000000560000-0x0000000000571000-memory.dmp

\Windows\SysWOW64\XP-AB9DB5FA.EXE

MD5 068cd7ee76ccad7b61a72b3a4ce93425
SHA1 7d3057f6dd1b1ab8dd8de4927e75def2af1ad860
SHA256 2e710d253330193e485d010ab35d2d029f6278d8130a59e4f7aed0653174ffdf
SHA512 94a0b4174476072e30996b27adc02d25dd01e534777ec0ccb7c2d8d5d8362786bea851b6979135119472a4f185d022df39f021bd6d77e3652a8547f6ec7746cc

memory/832-30-0x0000000001DA0000-0x0000000001DDF000-memory.dmp

memory/832-31-0x0000000001DA0000-0x0000000001DDF000-memory.dmp

memory/2724-32-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2724-44-0x0000000010000000-0x000000001011C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\E_4\RegEx.fnr

MD5 6e3ec5fe87effed87d55924a23ca9650
SHA1 d8f034c7718392b2dcc9f1f5db95897a0541fe77
SHA256 da5d04c64e050b03787ee0030924b69c6d453e3c25a20dcbbd42d5306d781686
SHA512 6f81a21db936300441d2e02cbf622214b3f2ec316de6778d78d2223c13690de8fc664c91428ef01275f2992444a2548fcf9225228a0eccde1d1e2beb8793c760

C:\Users\Admin\AppData\Local\Temp\E_4\spec.fne

MD5 f479b1f6af04850db6725b5ac697ab6c
SHA1 12459d253cc6c48ebfb46cdd25eed2467d042eb6
SHA256 318b07ff4125420e5103f7c144ef5d426164c7d4946b86c1758b1f24631950a0
SHA512 6ecb2e838404690674e5c3cf90c9eb8008414e0b108733b004f9e11e11c51415ac50fc6353690a465be5e25d97ec45a0544935416675e3d376ec7184d4a2a0ec

C:\Users\Admin\AppData\Local\Temp\E_4\internet.fne

MD5 85c448c7154fe3a00a9e9ddcce9e9e41
SHA1 d66e6a901e1ac3562fa1fce41cb062f11a9797ab
SHA256 7c8dbc49ce55b1bc4e770cf5a2f873afbc7a5476fd7f556a0f2204057d1b3ab5
SHA512 079f8906abb4f90e50125e91f395845679dcaaefa3a2d75b9fe789937591f6d9198a9370228e2e90aaaf995c94661049e3f065a54462ab1d07ac2c79e0abf494

C:\Users\Admin\AppData\Local\Temp\E_4\eAPI.fne

MD5 e0225b4ad23c539fa3cf1b27e4ef627c
SHA1 ce617a0e151f6766cab134b0ab28b7de18fd549f
SHA256 cdbbaf98e06893a905bfb981a4750696391f9333d01d87b5b0e598f74ec59e17
SHA512 cb92755473a2df7976e3298d13a46e306a74027e5c87190f48c43858e9b9ba328d63693054dcf34fbedff1a71aa3e95ed4ee4cceab3fd9782a2a0238613f990f

memory/2724-47-0x0000000000220000-0x000000000026B000-memory.dmp

memory/2724-52-0x0000000000540000-0x000000000055E000-memory.dmp

memory/2456-54-0x0000000003D10000-0x0000000003D20000-memory.dmp

memory/2724-53-0x0000000000560000-0x0000000000571000-memory.dmp

memory/2912-60-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2724-58-0x0000000000820000-0x000000000085F000-memory.dmp

memory/2724-57-0x0000000000820000-0x000000000085F000-memory.dmp

memory/2912-70-0x0000000010000000-0x000000001011C000-memory.dmp

memory/2912-76-0x0000000001FE0000-0x0000000001FF1000-memory.dmp

memory/2912-72-0x0000000001E90000-0x0000000001EDB000-memory.dmp

memory/2912-75-0x00000000003D0000-0x00000000003EE000-memory.dmp

memory/2348-89-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2348-93-0x0000000001E50000-0x0000000001E9B000-memory.dmp

memory/2348-94-0x0000000001EA0000-0x0000000001EBE000-memory.dmp

memory/2348-95-0x0000000001EC0000-0x0000000001ED1000-memory.dmp

memory/2348-99-0x0000000001F00000-0x0000000001F3F000-memory.dmp

memory/2340-110-0x0000000010000000-0x000000001011C000-memory.dmp

memory/2340-112-0x00000000008A0000-0x00000000008EB000-memory.dmp

memory/2340-116-0x0000000001DB0000-0x0000000001DC1000-memory.dmp

memory/2340-115-0x0000000001D90000-0x0000000001DAE000-memory.dmp

memory/2340-121-0x0000000001E00000-0x0000000001E3F000-memory.dmp

memory/2340-120-0x0000000001E00000-0x0000000001E3F000-memory.dmp

memory/2768-134-0x00000000002A0000-0x00000000002EB000-memory.dmp

memory/2724-133-0x0000000010000000-0x000000001011C000-memory.dmp

memory/2724-132-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2768-138-0x0000000000570000-0x0000000000581000-memory.dmp

memory/2768-137-0x0000000000550000-0x000000000056E000-memory.dmp

memory/832-139-0x0000000000400000-0x000000000043F000-memory.dmp

memory/832-141-0x0000000010000000-0x000000001011C000-memory.dmp

memory/2768-142-0x0000000001EB0000-0x0000000001EEF000-memory.dmp

memory/2088-144-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2768-143-0x0000000001EB0000-0x0000000001EEF000-memory.dmp

memory/2912-150-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2088-152-0x0000000001D90000-0x0000000001DDB000-memory.dmp

memory/2912-151-0x0000000010000000-0x000000001011C000-memory.dmp

memory/2088-154-0x0000000001CB0000-0x0000000001CC1000-memory.dmp

memory/2088-153-0x0000000001C90000-0x0000000001CAE000-memory.dmp

memory/2348-155-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2348-156-0x0000000010000000-0x000000001011C000-memory.dmp

memory/2088-157-0x0000000001FE0000-0x000000000201F000-memory.dmp

memory/2088-158-0x0000000001FE0000-0x000000000201F000-memory.dmp

memory/1544-163-0x0000000000350000-0x000000000039B000-memory.dmp

memory/1544-166-0x0000000000460000-0x0000000000471000-memory.dmp

memory/1544-165-0x0000000000440000-0x000000000045E000-memory.dmp

memory/2340-167-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2340-168-0x0000000010000000-0x000000001011C000-memory.dmp

memory/1544-170-0x0000000000480000-0x00000000004BF000-memory.dmp

memory/2028-177-0x0000000010000000-0x000000001011C000-memory.dmp

memory/2028-172-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2028-178-0x0000000000320000-0x000000000036B000-memory.dmp

memory/1544-171-0x0000000000480000-0x00000000004BF000-memory.dmp

memory/2028-180-0x0000000000460000-0x0000000000471000-memory.dmp

memory/2028-179-0x0000000000440000-0x000000000045E000-memory.dmp

memory/2028-187-0x0000000000480000-0x00000000004BF000-memory.dmp

memory/2028-186-0x0000000000480000-0x00000000004BF000-memory.dmp

memory/1752-188-0x0000000000400000-0x000000000043F000-memory.dmp

memory/1752-189-0x0000000010000000-0x000000001011C000-memory.dmp

memory/1752-190-0x0000000000260000-0x00000000002AB000-memory.dmp

memory/1752-192-0x0000000001D90000-0x0000000001DA1000-memory.dmp

memory/1752-191-0x00000000003D0000-0x00000000003EE000-memory.dmp

memory/1752-193-0x0000000002000000-0x000000000203F000-memory.dmp

memory/1752-194-0x0000000002000000-0x000000000203F000-memory.dmp

memory/2544-199-0x0000000010000000-0x000000001011C000-memory.dmp

memory/2768-201-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2768-202-0x0000000010000000-0x000000001011C000-memory.dmp

memory/2544-204-0x0000000001E00000-0x0000000001E11000-memory.dmp

memory/2544-205-0x00000000001B0000-0x00000000001FB000-memory.dmp

memory/2544-203-0x00000000005B0000-0x00000000005CE000-memory.dmp

memory/2544-206-0x0000000001F50000-0x0000000001F8F000-memory.dmp

memory/2544-207-0x0000000001F50000-0x0000000001F8F000-memory.dmp

memory/2796-212-0x0000000000440000-0x000000000048B000-memory.dmp

memory/2088-213-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2088-214-0x0000000010000000-0x000000001011C000-memory.dmp

memory/2796-215-0x0000000000490000-0x00000000004AE000-memory.dmp

memory/2796-216-0x00000000004B0000-0x00000000004C1000-memory.dmp

memory/2796-217-0x0000000000700000-0x000000000073F000-memory.dmp

memory/1536-218-0x0000000000400000-0x000000000043F000-memory.dmp

memory/1544-224-0x0000000010000000-0x000000001011C000-memory.dmp

memory/1544-223-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2028-226-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2028-227-0x0000000010000000-0x000000001011C000-memory.dmp

memory/1536-229-0x0000000001DD0000-0x0000000001DE1000-memory.dmp

memory/1536-228-0x0000000001CF0000-0x0000000001D0E000-memory.dmp

memory/1752-231-0x0000000000400000-0x000000000043F000-memory.dmp

memory/1752-230-0x0000000010000000-0x000000001011C000-memory.dmp

memory/1536-232-0x0000000002280000-0x00000000022BF000-memory.dmp

memory/1536-233-0x0000000002280000-0x00000000022BF000-memory.dmp

memory/2544-238-0x0000000000400000-0x000000000043F000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-20 13:47

Reported

2024-06-20 13:49

Platform

win10v2004-20240508-en

Max time kernel

8s

Max time network

61s

Command Line

"C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
File opened for modification \??\PhysicalDrive0 C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
File opened for modification \??\PhysicalDrive0 C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
File opened for modification \??\PhysicalDrive0 C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
File opened for modification \??\PhysicalDrive0 C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
File opened for modification \??\PhysicalDrive0 C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
File opened for modification \??\PhysicalDrive0 C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
File opened for modification \??\PhysicalDrive0 C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
File opened for modification \??\PhysicalDrive0 C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
File opened for modification \??\PhysicalDrive0 C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
File opened for modification \??\PhysicalDrive0 C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
File opened for modification \??\PhysicalDrive0 C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\NavBar = 000000000000000000000000000000008b000000870000003153505305d5cdd59c2e1b10939708002b2cf9ae6b0000005a000000007b00360044003800420042003300440033002d0039004400380037002d0034004100390031002d0041004200350036002d003400460033003000430046004600450046004500390046007d005f0057006900640074006800000013000000cc0000000000000000000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\NavBar = 000000000000000000000000000000008b000000870000003153505305d5cdd59c2e1b10939708002b2cf9ae6b0000005a000000007b00360044003800420042003300440033002d0039004400380037002d0034004100390031002d0041004200350036002d003400460033003000430046004600450046004500390046007d005f0057006900640074006800000013000000cc0000000000000000000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\NavBar = 000000000000000000000000000000008b000000870000003153505305d5cdd59c2e1b10939708002b2cf9ae6b0000005a000000007b00360044003800420042003300440033002d0039004400380037002d0034004100390031002d0041004200350036002d003400460033003000430046004600450046004500390046007d005f0057006900640074006800000013000000cc0000000000000000000000 C:\Windows\explorer.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A
N/A N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4276 wrote to memory of 992 N/A C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe C:\Windows\SysWOW64\explorer.exe
PID 4276 wrote to memory of 992 N/A C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe C:\Windows\SysWOW64\explorer.exe
PID 4276 wrote to memory of 992 N/A C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe C:\Windows\SysWOW64\explorer.exe
PID 4276 wrote to memory of 4624 N/A C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe C:\Windows\SysWOW64\XP-FEBFA1C7.EXE
PID 4276 wrote to memory of 4624 N/A C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe C:\Windows\SysWOW64\XP-FEBFA1C7.EXE
PID 4276 wrote to memory of 4624 N/A C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe C:\Windows\SysWOW64\XP-FEBFA1C7.EXE
PID 4624 wrote to memory of 4620 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\explorer.exe
PID 4624 wrote to memory of 4620 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\explorer.exe
PID 4624 wrote to memory of 4620 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\explorer.exe
PID 4624 wrote to memory of 2008 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\XP-FEBFA1C7.EXE
PID 4624 wrote to memory of 2008 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\XP-FEBFA1C7.EXE
PID 4624 wrote to memory of 2008 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\XP-FEBFA1C7.EXE
PID 2008 wrote to memory of 5040 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\explorer.exe
PID 2008 wrote to memory of 5040 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\explorer.exe
PID 2008 wrote to memory of 5040 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\explorer.exe
PID 2008 wrote to memory of 4524 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\XP-FEBFA1C7.EXE
PID 2008 wrote to memory of 4524 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\XP-FEBFA1C7.EXE
PID 2008 wrote to memory of 4524 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\XP-FEBFA1C7.EXE
PID 4524 wrote to memory of 2712 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\explorer.exe
PID 4524 wrote to memory of 2712 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\explorer.exe
PID 4524 wrote to memory of 2712 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\explorer.exe
PID 4524 wrote to memory of 4796 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\explorer.exe
PID 4524 wrote to memory of 4796 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\explorer.exe
PID 4524 wrote to memory of 4796 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\explorer.exe
PID 4796 wrote to memory of 3624 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\explorer.exe
PID 4796 wrote to memory of 3624 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\explorer.exe
PID 4796 wrote to memory of 3624 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\explorer.exe
PID 4796 wrote to memory of 1572 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\XP-FEBFA1C7.EXE
PID 4796 wrote to memory of 1572 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\XP-FEBFA1C7.EXE
PID 4796 wrote to memory of 1572 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\XP-FEBFA1C7.EXE
PID 1572 wrote to memory of 2144 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\explorer.exe
PID 1572 wrote to memory of 2144 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\explorer.exe
PID 1572 wrote to memory of 2144 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\explorer.exe
PID 1572 wrote to memory of 3356 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\XP-FEBFA1C7.EXE
PID 1572 wrote to memory of 3356 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\XP-FEBFA1C7.EXE
PID 1572 wrote to memory of 3356 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\XP-FEBFA1C7.EXE
PID 3356 wrote to memory of 3724 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\explorer.exe
PID 3356 wrote to memory of 3724 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\explorer.exe
PID 3356 wrote to memory of 3724 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\explorer.exe
PID 3356 wrote to memory of 3428 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\XP-FEBFA1C7.EXE
PID 3356 wrote to memory of 3428 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\XP-FEBFA1C7.EXE
PID 3356 wrote to memory of 3428 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\XP-FEBFA1C7.EXE
PID 3428 wrote to memory of 4128 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\explorer.exe
PID 3428 wrote to memory of 4128 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\explorer.exe
PID 3428 wrote to memory of 4128 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\explorer.exe
PID 3428 wrote to memory of 2388 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\XP-FEBFA1C7.EXE
PID 3428 wrote to memory of 2388 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\XP-FEBFA1C7.EXE
PID 3428 wrote to memory of 2388 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\XP-FEBFA1C7.EXE
PID 2388 wrote to memory of 4540 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\explorer.exe
PID 2388 wrote to memory of 4540 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\explorer.exe
PID 2388 wrote to memory of 4540 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\explorer.exe
PID 2388 wrote to memory of 2856 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\XP-FEBFA1C7.EXE
PID 2388 wrote to memory of 2856 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\XP-FEBFA1C7.EXE
PID 2388 wrote to memory of 2856 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\XP-FEBFA1C7.EXE
PID 2856 wrote to memory of 1012 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\explorer.exe
PID 2856 wrote to memory of 1012 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\explorer.exe
PID 2856 wrote to memory of 1012 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\explorer.exe
PID 2856 wrote to memory of 2792 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\XP-FEBFA1C7.EXE
PID 2856 wrote to memory of 2792 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\XP-FEBFA1C7.EXE
PID 2856 wrote to memory of 2792 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\XP-FEBFA1C7.EXE
PID 2792 wrote to memory of 2000 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\explorer.exe
PID 2792 wrote to memory of 2000 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\explorer.exe
PID 2792 wrote to memory of 2000 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\explorer.exe
PID 2792 wrote to memory of 2832 N/A C:\Windows\SysWOW64\XP-FEBFA1C7.EXE C:\Windows\SysWOW64\explorer.exe

Processes

C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe"

C:\Windows\SysWOW64\explorer.exe

explorer C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe


explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\XP-FEBFA1C7

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

C:\Windows\system32\XP-FEBFA1C7.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

Network

Country  Destination  Domain                Proto
US       8.8.8.8:53   8.8.8.8.in-addr.arpa  udp

Files

memory/4276-0-0x0000000000400000-0x000000000043F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\E_4\krnln.fnr

MD5 c607573928aa8bff7fe6b997f8979da7
SHA1 6744d3a000177467b5c1e020ac763a4c6f5e8cd7
SHA256 7cebaf36a296b1d3ad581f6ae04defc186c45c930f284836d8fb81ef63beef91
SHA512 8ffdfbea84db9cb47cf09183d2c39d102d92c9e88cde2307b0925525043e5a453ab0505b2fdb3aa85e692aaf42cbd2b4a78c168b6c879952b8f3f99632da0112

memory/4276-12-0x0000000010000000-0x000000001011C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\E_4\com.run

MD5 007eb5c8194d1e8e4c30ce6132183a00
SHA1 dffbed87c6f77a7d1ad5c1830f5d830a87f02453
SHA256 c32771df076af7b332ac02831ae5a21a0117ff83a72ca91a99efcb00d70f1540
SHA512 bd45f45c907bba753afea4dfc7fb0a75794cca1bb751f7b8446e6d830c858a1d4c8660a8a07f41554024a6e431a43432383519eab326b0273e1b1ec71398a84b

memory/4276-18-0x0000000002470000-0x00000000024BB000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\E_4\dp1.fne

MD5 a1c93d806f4be79b034092b6191444ca
SHA1 be806eeca83fcbff3460e6547bfa045a5c67094a
SHA256 c4277e3123f6d1413f8d605e0ee3ae4c50ef67d4bacebc866938d572ed5373ed
SHA512 c1e6b6a6f640c0dcc0920d25a0b0a36ad02f9b0f7134966a924615354e5eb3e6914572491ce772621023293bad6cc1a0d392da2bf3dca8178b17d9a714dc2a31

C:\Users\Admin\AppData\Local\Temp\E_4\shell.fne

MD5 d0af2e435bc19d8c75bfe4e5f7488e0a
SHA1 361c9bab7c187191d7812c0edc564e7236a00ba7
SHA256 6ea109725c4b51c85abf8ac2f7a22b7206cc5626899f0efdddbf778fd43af458
SHA512 530208da67a6b452c9acc5d58d70dc729c5aeeb9ba66d6c75b2980f55355dbc31239c7c38c35652b1fd6f70348e937e43f5337c28620cb36f90d39bce2d6a6d0

memory/4276-29-0x0000000002A40000-0x0000000002A5E000-memory.dmp

memory/4276-30-0x0000000002A60000-0x0000000002A71000-memory.dmp

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

MD5 068cd7ee76ccad7b61a72b3a4ce93425
SHA1 7d3057f6dd1b1ab8dd8de4927e75def2af1ad860
SHA256 2e710d253330193e485d010ab35d2d029f6278d8130a59e4f7aed0653174ffdf
SHA512 94a0b4174476072e30996b27adc02d25dd01e534777ec0ccb7c2d8d5d8362786bea851b6979135119472a4f185d022df39f021bd6d77e3652a8547f6ec7746cc

C:\Users\Admin\AppData\Local\Temp\E_4\eAPI.fne

MD5 e0225b4ad23c539fa3cf1b27e4ef627c
SHA1 ce617a0e151f6766cab134b0ab28b7de18fd549f
SHA256 cdbbaf98e06893a905bfb981a4750696391f9333d01d87b5b0e598f74ec59e17
SHA512 cb92755473a2df7976e3298d13a46e306a74027e5c87190f48c43858e9b9ba328d63693054dcf34fbedff1a71aa3e95ed4ee4cceab3fd9782a2a0238613f990f

C:\Users\Admin\AppData\Local\Temp\E_4\RegEx.fnr

MD5 6e3ec5fe87effed87d55924a23ca9650
SHA1 d8f034c7718392b2dcc9f1f5db95897a0541fe77
SHA256 da5d04c64e050b03787ee0030924b69c6d453e3c25a20dcbbd42d5306d781686
SHA512 6f81a21db936300441d2e02cbf622214b3f2ec316de6778d78d2223c13690de8fc664c91428ef01275f2992444a2548fcf9225228a0eccde1d1e2beb8793c760

C:\Users\Admin\AppData\Local\Temp\E_4\spec.fne

MD5 f479b1f6af04850db6725b5ac697ab6c
SHA1 12459d253cc6c48ebfb46cdd25eed2467d042eb6
SHA256 318b07ff4125420e5103f7c144ef5d426164c7d4946b86c1758b1f24631950a0
SHA512 6ecb2e838404690674e5c3cf90c9eb8008414e0b108733b004f9e11e11c51415ac50fc6353690a465be5e25d97ec45a0544935416675e3d376ec7184d4a2a0ec

C:\Users\Admin\AppData\Local\Temp\E_4\internet.fne

MD5 85c448c7154fe3a00a9e9ddcce9e9e41
SHA1 d66e6a901e1ac3562fa1fce41cb062f11a9797ab
SHA256 7c8dbc49ce55b1bc4e770cf5a2f873afbc7a5476fd7f556a0f2204057d1b3ab5
SHA512 079f8906abb4f90e50125e91f395845679dcaaefa3a2d75b9fe789937591f6d9198a9370228e2e90aaaf995c94661049e3f065a54462ab1d07ac2c79e0abf494

memory/4624-50-0x00000000022A0000-0x00000000022EB000-memory.dmp

memory/4624-49-0x0000000010000000-0x000000001011C000-memory.dmp

memory/4624-58-0x0000000002620000-0x0000000002631000-memory.dmp

memory/4624-57-0x00000000023F0000-0x000000000240E000-memory.dmp

memory/2008-60-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2008-73-0x0000000002120000-0x000000000216B000-memory.dmp

memory/2008-72-0x0000000010000000-0x000000001011C000-memory.dmp

memory/2008-78-0x00000000026D0000-0x00000000026EE000-memory.dmp

memory/2008-79-0x0000000002850000-0x0000000002861000-memory.dmp

memory/4524-90-0x0000000010000000-0x000000001011C000-memory.dmp

memory/4524-93-0x0000000002330000-0x000000000237B000-memory.dmp

memory/4524-94-0x0000000002330000-0x000000000237B000-memory.dmp

memory/4524-100-0x0000000002930000-0x0000000002941000-memory.dmp

memory/4524-99-0x0000000002910000-0x000000000292E000-memory.dmp

memory/4796-102-0x0000000000400000-0x000000000043F000-memory.dmp

memory/4276-113-0x0000000010000000-0x000000001011C000-memory.dmp

memory/4796-114-0x0000000010000000-0x000000001011C000-memory.dmp

memory/4276-112-0x0000000000400000-0x000000000043F000-memory.dmp

memory/4796-117-0x0000000002110000-0x000000000215B000-memory.dmp

memory/4796-123-0x0000000002870000-0x0000000002881000-memory.dmp

memory/4796-122-0x0000000002620000-0x000000000263E000-memory.dmp

memory/4624-124-0x0000000000400000-0x000000000043F000-memory.dmp

memory/4624-125-0x0000000010000000-0x000000001011C000-memory.dmp

memory/1572-134-0x0000000010000000-0x000000001011C000-memory.dmp

memory/1572-135-0x00000000022C0000-0x000000000230B000-memory.dmp

memory/2008-139-0x0000000010000000-0x000000001011C000-memory.dmp

memory/1572-137-0x00000000030A0000-0x00000000030B1000-memory.dmp

memory/1572-136-0x0000000002F60000-0x0000000002F7E000-memory.dmp

memory/2008-138-0x0000000000400000-0x000000000043F000-memory.dmp

memory/3356-144-0x0000000000400000-0x000000000043F000-memory.dmp

memory/3356-145-0x00000000022E0000-0x000000000232B000-memory.dmp

memory/3356-146-0x0000000002460000-0x000000000247E000-memory.dmp

memory/3356-147-0x0000000002680000-0x0000000002691000-memory.dmp

memory/4524-148-0x0000000000400000-0x000000000043F000-memory.dmp

memory/4524-149-0x0000000010000000-0x000000001011C000-memory.dmp

memory/3428-155-0x0000000010000000-0x000000001011C000-memory.dmp

memory/3428-154-0x0000000000400000-0x000000000043F000-memory.dmp

memory/3428-156-0x0000000002050000-0x000000000209B000-memory.dmp

memory/3428-158-0x0000000002750000-0x0000000002761000-memory.dmp

memory/3428-157-0x0000000002730000-0x000000000274E000-memory.dmp

memory/2388-159-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2388-164-0x0000000010000000-0x000000001011C000-memory.dmp

memory/4796-166-0x0000000000400000-0x000000000043F000-memory.dmp

memory/4796-167-0x0000000010000000-0x000000001011C000-memory.dmp

memory/2388-165-0x0000000002370000-0x00000000023BB000-memory.dmp

memory/2388-169-0x0000000002500000-0x0000000002511000-memory.dmp

memory/2388-168-0x00000000024E0000-0x00000000024FE000-memory.dmp

memory/2856-174-0x0000000010000000-0x000000001011C000-memory.dmp

memory/1572-175-0x0000000000400000-0x000000000043F000-memory.dmp

memory/1572-176-0x0000000010000000-0x000000001011C000-memory.dmp

memory/2856-177-0x00000000025D0000-0x000000000261B000-memory.dmp

memory/2856-178-0x0000000002F50000-0x0000000002F6E000-memory.dmp

memory/2856-179-0x0000000003070000-0x0000000003081000-memory.dmp

memory/3356-180-0x0000000000400000-0x000000000043F000-memory.dmp

memory/3356-181-0x0000000010000000-0x000000001011C000-memory.dmp

memory/2792-186-0x0000000010000000-0x000000001011C000-memory.dmp

memory/2792-187-0x00000000024C0000-0x000000000250B000-memory.dmp

memory/2792-189-0x0000000003090000-0x00000000030A1000-memory.dmp

memory/2792-188-0x0000000002F70000-0x0000000002F8E000-memory.dmp

memory/3428-191-0x0000000000400000-0x000000000043F000-memory.dmp

memory/3428-190-0x0000000010000000-0x000000001011C000-memory.dmp

memory/2832-196-0x0000000010000000-0x000000001011C000-memory.dmp

memory/2388-198-0x0000000010000000-0x000000001011C000-memory.dmp

memory/2388-197-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2832-199-0x00000000021B0000-0x00000000021FB000-memory.dmp

memory/2832-201-0x0000000002680000-0x0000000002691000-memory.dmp

memory/2832-200-0x0000000002660000-0x000000000267E000-memory.dmp

memory/2856-206-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2856-207-0x0000000010000000-0x000000001011C000-memory.dmp

memory/2300-208-0x0000000010000000-0x000000001011C000-memory.dmp

memory/2300-209-0x0000000000730000-0x000000000077B000-memory.dmp

memory/2300-210-0x0000000002370000-0x000000000238E000-memory.dmp

memory/2300-211-0x00000000024A0000-0x00000000024B1000-memory.dmp

memory/3128-212-0x0000000000400000-0x000000000043F000-memory.dmp

memory/3128-217-0x0000000010000000-0x000000001011C000-memory.dmp

memory/2792-219-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2792-220-0x0000000010000000-0x000000001011C000-memory.dmp

memory/3128-218-0x0000000002220000-0x000000000226B000-memory.dmp

memory/3128-222-0x0000000002830000-0x0000000002841000-memory.dmp

memory/3128-221-0x0000000002810000-0x000000000282E000-memory.dmp

memory/2620-227-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2620-228-0x0000000010000000-0x000000001011C000-memory.dmp

memory/2832-230-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2832-231-0x0000000010000000-0x000000001011C000-memory.dmp

memory/2620-229-0x00000000022E0000-0x000000000232B000-memory.dmp

memory/2620-232-0x0000000002900000-0x000000000291E000-memory.dmp

memory/2620-233-0x0000000002920000-0x0000000002931000-memory.dmp

memory/1308-238-0x0000000010000000-0x000000001011C000-memory.dmp

memory/1308-241-0x0000000002180000-0x00000000021CB000-memory.dmp

memory/2300-240-0x0000000000400000-0x000000000043F000-memory.dmp

memory/2300-239-0x0000000010000000-0x000000001011C000-memory.dmp
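An added helper, written for this page and not part of the sandbox report, that parses the Files section above into IOC records and applies the checks a practitioner wants before reusing the hashes: that every digest has the right hex length for its algorithm (a mangled copy-paste must never reach a blocklist), and which dropped file is a byte-for-byte copy of the submitted sample. It also groups the memory/<pid>-<n>-<start>-<end> dump entries by address range to show which regions recur across the spawned processes. It embeds two file records and four dump entries copied from the report above; SAMPLE_SHA256 is the value from the report header. Function names are the example's own.

```python
import re
from collections import defaultdict

# SHA256 of the submitted sample, taken from the report header.
SAMPLE_SHA256 = "2e710d253330193e485d010ab35d2d029f6278d8130a59e4f7aed0653174ffdf"

# Excerpt of the report's Files section above (two dropped files and four
# memory regions); the full section can be pasted in unchanged.
FILES_SECTION = r"""
memory/4276-0-0x0000000000400000-0x000000000043F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\E_4\krnln.fnr

MD5 c607573928aa8bff7fe6b997f8979da7
SHA1 6744d3a000177467b5c1e020ac763a4c6f5e8cd7
SHA256 7cebaf36a296b1d3ad581f6ae04defc186c45c930f284836d8fb81ef63beef91
SHA512 8ffdfbea84db9cb47cf09183d2c39d102d92c9e88cde2307b0925525043e5a453ab0505b2fdb3aa85e692aaf42cbd2b4a78c168b6c879952b8f3f99632da0112

memory/4276-12-0x0000000010000000-0x000000001011C000-memory.dmp

C:\Windows\SysWOW64\XP-FEBFA1C7.EXE

MD5 068cd7ee76ccad7b61a72b3a4ce93425
SHA1 7d3057f6dd1b1ab8dd8de4927e75def2af1ad860
SHA256 2e710d253330193e485d010ab35d2d029f6278d8130a59e4f7aed0653174ffdf
SHA512 94a0b4174476072e30996b27adc02d25dd01e534777ec0ccb7c2d8d5d8362786bea851b6979135119472a4f185d022df39f021bd6d77e3652a8547f6ec7746cc

memory/4624-49-0x0000000010000000-0x000000001011C000-memory.dmp

memory/4624-124-0x0000000000400000-0x000000000043F000-memory.dmp
"""

MEM_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-f]+)$")
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}


def parse_files_section(text):
    """Return (files, regions): dropped-file records with their hashes, and
    dumped memory regions as dicts with pid, index, start and end."""
    files, regions = [], []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MEM_RE.match(line)
        if m:
            pid, idx, start, end = m.groups()
            regions.append({"pid": int(pid), "index": int(idx),
                            "start": int(start, 16), "end": int(end, 16)})
            current = None            # a dump line ends the previous file record
            continue
        m = HASH_RE.match(line)
        if m:
            if current is not None:   # hash lines belong to the preceding path
                current["hashes"][m.group(1)] = m.group(2)
            continue
        current = {"path": line, "hashes": {}}   # any other line starts a file record
        files.append(current)
    return files, regions


def validate_hashes(files):
    """(path, algo) pairs whose digest is missing or of the wrong hex length."""
    bad = []
    for f in files:
        for algo, length in HEX_LEN.items():
            digest = f["hashes"].get(algo)
            if digest is None or len(digest) != length:
                bad.append((f["path"], algo))
    return bad


def self_copies(files, sample_sha256):
    """Paths of dropped files that are byte-identical to the submitted sample."""
    return [f["path"] for f in files if f["hashes"].get("SHA256") == sample_sha256]


def shared_regions(regions):
    """Map (start, end) -> sorted PIDs in which that exact region was dumped.
    Ranges that recur across processes are the re-launched image and modules
    mapped at a fixed base, not per-process data."""
    by_range = defaultdict(set)
    for r in regions:
        by_range[(r["start"], r["end"])].add(r["pid"])
    return {k: sorted(v) for k, v in by_range.items() if len(v) > 1}


if __name__ == "__main__":
    files, regions = parse_files_section(FILES_SECTION)
    print("bad hashes:", validate_hashes(files))
    print("self-copies of the sample:", self_copies(files, SAMPLE_SHA256))
    for (start, end), pids in sorted(shared_regions(regions).items()):
        print(f"0x{start:08X}-0x{end:08X} ({end - start:#x} bytes) in PIDs {pids}")
```

Run against the excerpt, it reports that C:\Windows\SysWOW64\XP-FEBFA1C7.EXE carries the sample's own MD5, SHA1 and SHA256, so the "dropped EXE" is a self-copy into SysWOW64 and the sample's hashes already cover it, and that 0x00400000-0x0043F000 (the image) and 0x10000000-0x1011C000 were dumped from both PIDs in the excerpt, as they are from the other PIDs in the full list above. The E_4\*.fnr and *.fne files are support libraries of the Easy Programming Language (EPL) runtime, which EPL-built executables unpack to %TEMP%\E_<n>\; their hashes are shared by every program built with the same runtime version, so they identify the toolchain rather than this sample and make poor blocklist entries.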