Malware Analysis Report

2024-12-07 22:01

Sample ID 240716-apmtxsyhme
Target 4c0bff49e5114f215b95873223a93693_JaffaCakes118
SHA256 68c93bce1a32e857e4fa31bd89bcaf8b923d59f1f9d69641ea2ccbffd8b5e67c
Tags: xtremerat persistence rat spyware
Score: 10/10

Analysis Overview

Score: 10/10

SHA256: 68c93bce1a32e857e4fa31bd89bcaf8b923d59f1f9d69641ea2ccbffd8b5e67c

Threat Level: Known bad

The file 4c0bff49e5114f215b95873223a93693_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xtremerat persistence rat spyware

Detect XtremeRAT payload

XtremeRAT

Boot or Logon Autostart Execution: Active Setup

Loads dropped DLL

Checks computer location settings

Executes dropped EXE

Adds Run key to start application

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-16 00:23

Signatures

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-07-16 00:23

Reported

2024-07-16 00:25

Platform

win7-20240704-en

Max time kernel

150s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4c0bff49e5114f215b95873223a93693_JaffaCakes118.exe"

Signatures

Detect XtremeRAT payload


XtremeRAT

persistence spyware rat xtremerat

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\xcxccc.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\xcxccc.exe restart" C:\Windows\InstallDir\xcxccc.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Users\Admin\AppData\Local\Temp\4c0bff49e5114f215b95873223a93693_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\xcxccc.exe restart" C:\Users\Admin\AppData\Local\Temp\4c0bff49e5114f215b95873223a93693_JaffaCakes118.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\xcxccc.exe" C:\Windows\InstallDir\xcxccc.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\xcxccc.exe" C:\Windows\InstallDir\xcxccc.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\xcxccc.exe" C:\Users\Admin\AppData\Local\Temp\4c0bff49e5114f215b95873223a93693_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\xcxccc.exe" C:\Users\Admin\AppData\Local\Temp\4c0bff49e5114f215b95873223a93693_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\InstallDir\xcxccc.exe C:\Windows\InstallDir\xcxccc.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\xcxccc.exe N/A
File created C:\Windows\InstallDir\xcxccc.exe C:\Users\Admin\AppData\Local\Temp\4c0bff49e5114f215b95873223a93693_JaffaCakes118.exe N/A
File opened for modification C:\Windows\InstallDir\xcxccc.exe C:\Users\Admin\AppData\Local\Temp\4c0bff49e5114f215b95873223a93693_JaffaCakes118.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Users\Admin\AppData\Local\Temp\4c0bff49e5114f215b95873223a93693_JaffaCakes118.exe N/A

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2912 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\4c0bff49e5114f215b95873223a93693_JaffaCakes118.exe C:\Windows\SysWOW64\svchost.exe
PID 2912 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\4c0bff49e5114f215b95873223a93693_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2912 wrote to memory of 3000 N/A C:\Users\Admin\AppData\Local\Temp\4c0bff49e5114f215b95873223a93693_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2912 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\4c0bff49e5114f215b95873223a93693_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2912 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\4c0bff49e5114f215b95873223a93693_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2912 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\4c0bff49e5114f215b95873223a93693_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2912 wrote to memory of 1788 N/A C:\Users\Admin\AppData\Local\Temp\4c0bff49e5114f215b95873223a93693_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2912 wrote to memory of 2916 N/A C:\Users\Admin\AppData\Local\Temp\4c0bff49e5114f215b95873223a93693_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2912 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\4c0bff49e5114f215b95873223a93693_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2912 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\4c0bff49e5114f215b95873223a93693_JaffaCakes118.exe C:\Windows\InstallDir\xcxccc.exe
PID 2964 wrote to memory of 2604 N/A C:\Windows\InstallDir\xcxccc.exe C:\Windows\SysWOW64\svchost.exe
PID 2964 wrote to memory of 2676 N/A C:\Windows\InstallDir\xcxccc.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2964 wrote to memory of 2732 N/A C:\Windows\InstallDir\xcxccc.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2964 wrote to memory of 3064 N/A C:\Windows\InstallDir\xcxccc.exe C:\Program Files\Internet Explorer\iexplore.exe

Processes

C:\Users\Admin\AppData\Local\Temp\4c0bff49e5114f215b95873223a93693_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c0bff49e5114f215b95873223a93693_JaffaCakes118.exe"

C:\Windows\SysWOW64\svchost.exe

svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\xcxccc.exe

"C:\Windows\InstallDir\xcxccc.exe"

C:\Windows\SysWOW64\svchost.exe

svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\xcxccc.exe

"C:\Windows\InstallDir\xcxccc.exe"

C:\Windows\SysWOW64\svchost.exe

svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\xcxccc.exe

"C:\Windows\InstallDir\xcxccc.exe"

C:\Windows\SysWOW64\svchost.exe

svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\xcxccc.exe

"C:\Windows\InstallDir\xcxccc.exe"

C:\Windows\SysWOW64\svchost.exe

svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\xcxccc.exe

"C:\Windows\InstallDir\xcxccc.exe"

C:\Windows\SysWOW64\svchost.exe

svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\xcxccc.exe

"C:\Windows\InstallDir\xcxccc.exe"

C:\Windows\SysWOW64\svchost.exe

svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\xcxccc.exe

"C:\Windows\InstallDir\xcxccc.exe"

C:\Windows\SysWOW64\svchost.exe

svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\xcxccc.exe

"C:\Windows\InstallDir\xcxccc.exe"

C:\Windows\SysWOW64\svchost.exe

svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\xcxccc.exe

"C:\Windows\InstallDir\xcxccc.exe"

C:\Windows\SysWOW64\svchost.exe

svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\xcxccc.exe

"C:\Windows\InstallDir\xcxccc.exe"

C:\Windows\SysWOW64\svchost.exe

svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\xcxccc.exe

"C:\Windows\InstallDir\xcxccc.exe"

C:\Windows\SysWOW64\svchost.exe

svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\xcxccc.exe

"C:\Windows\InstallDir\xcxccc.exe"

C:\Windows\SysWOW64\svchost.exe

svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\xcxccc.exe

"C:\Windows\InstallDir\xcxccc.exe"

C:\Windows\SysWOW64\svchost.exe

svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\xcxccc.exe

"C:\Windows\InstallDir\xcxccc.exe"

C:\Windows\SysWOW64\svchost.exe

svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\xcxccc.exe

"C:\Windows\InstallDir\xcxccc.exe"

C:\Windows\SysWOW64\svchost.exe

svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\xcxccc.exe

"C:\Windows\InstallDir\xcxccc.exe"

C:\Windows\SysWOW64\svchost.exe

svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\xcxccc.exe

"C:\Windows\InstallDir\xcxccc.exe"

C:\Windows\SysWOW64\svchost.exe

svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\xcxccc.exe

"C:\Windows\InstallDir\xcxccc.exe"

C:\Windows\SysWOW64\svchost.exe

svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\xcxccc.exe

"C:\Windows\InstallDir\xcxccc.exe"

C:\Windows\SysWOW64\svchost.exe

svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\xcxccc.exe

"C:\Windows\InstallDir\xcxccc.exe"

C:\Windows\SysWOW64\svchost.exe

svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\xcxccc.exe

"C:\Windows\InstallDir\xcxccc.exe"

C:\Windows\SysWOW64\svchost.exe

svchost.exe

Network

N/A

Files

C:\Windows\InstallDir\xcxccc.exe

MD5 4c0bff49e5114f215b95873223a93693
SHA1 628933ae4a1fc0d7800ddbed802cbca61016a049
SHA256 68c93bce1a32e857e4fa31bd89bcaf8b923d59f1f9d69641ea2ccbffd8b5e67c
SHA512 89643d6cff84d7b4fbde342db9f169f58b8a38c0ade4d16ab19de12bf80566413f5919204e612f7ab178897198d459cee2708398d8f6a542575c1a8b8c3c9558

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\.cfg

MD5 0267f546445bd28b24c7b495f3ab6cce
SHA1 0b0abb114794ad90aca65501ff0c2e180476f7b4
SHA256 dc3ae2ea88f7e35aa05b3a6ab4b79c3033fc9a4b08cb4a49827fa20b28a97632
SHA512 e5f66ed90296fd7609338f4df2170d3309ef35a021c8eeabc3f34fe13e67525714fb47b258d91f322296dfeb2fb474711df9ef6c2741aa979c4bd2998d14e2a6

\??\PIPE\srvsvc

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-16 00:23

Reported

2024-07-16 00:25

Platform

win10v2004-20240709-en

Max time kernel

150s

Max time network

95s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4c0bff49e5114f215b95873223a93693_JaffaCakes118.exe"

Signatures

Detect XtremeRAT payload

XtremeRAT

persistence spyware rat xtremerat

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\xcxccc.exe restart" C:\Windows\InstallDir\xcxccc.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\xcxccc.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\xcxccc.exe restart" C:\Users\Admin\AppData\Local\Temp\4c0bff49e5114f215b95873223a93693_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Users\Admin\AppData\Local\Temp\4c0bff49e5114f215b95873223a93693_JaffaCakes118.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\xcxccc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4c0bff49e5114f215b95873223a93693_JaffaCakes118.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\xcxccc.exe" C:\Windows\InstallDir\xcxccc.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\xcxccc.exe" C:\Windows\InstallDir\xcxccc.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\xcxccc.exe" C:\Users\Admin\AppData\Local\Temp\4c0bff49e5114f215b95873223a93693_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\xcxccc.exe" C:\Users\Admin\AppData\Local\Temp\4c0bff49e5114f215b95873223a93693_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\xcxccc.exe N/A
File opened for modification C:\Windows\InstallDir\xcxccc.exe C:\Windows\InstallDir\xcxccc.exe N/A
File opened for modification C:\Windows\InstallDir\xcxccc.exe C:\Users\Admin\AppData\Local\Temp\4c0bff49e5114f215b95873223a93693_JaffaCakes118.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Users\Admin\AppData\Local\Temp\4c0bff49e5114f215b95873223a93693_JaffaCakes118.exe N/A
File created C:\Windows\InstallDir\xcxccc.exe C:\Users\Admin\AppData\Local\Temp\4c0bff49e5114f215b95873223a93693_JaffaCakes118.exe N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\InstallDir\xcxccc.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\4c0bff49e5114f215b95873223a93693_JaffaCakes118.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2160 wrote to memory of 1368 N/A C:\Users\Admin\AppData\Local\Temp\4c0bff49e5114f215b95873223a93693_JaffaCakes118.exe C:\Windows\SysWOW64\svchost.exe
PID 2160 wrote to memory of 4052 N/A C:\Users\Admin\AppData\Local\Temp\4c0bff49e5114f215b95873223a93693_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 1708 N/A C:\Users\Admin\AppData\Local\Temp\4c0bff49e5114f215b95873223a93693_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 236 N/A C:\Users\Admin\AppData\Local\Temp\4c0bff49e5114f215b95873223a93693_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3436 N/A C:\Users\Admin\AppData\Local\Temp\4c0bff49e5114f215b95873223a93693_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 4532 N/A C:\Users\Admin\AppData\Local\Temp\4c0bff49e5114f215b95873223a93693_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3920 N/A C:\Users\Admin\AppData\Local\Temp\4c0bff49e5114f215b95873223a93693_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 4552 N/A C:\Users\Admin\AppData\Local\Temp\4c0bff49e5114f215b95873223a93693_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3416 N/A C:\Users\Admin\AppData\Local\Temp\4c0bff49e5114f215b95873223a93693_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3848 N/A C:\Users\Admin\AppData\Local\Temp\4c0bff49e5114f215b95873223a93693_JaffaCakes118.exe C:\Windows\InstallDir\xcxccc.exe
PID 3848 wrote to memory of 3144 N/A C:\Windows\InstallDir\xcxccc.exe C:\Windows\SysWOW64\svchost.exe
PID 3848 wrote to memory of 3836 N/A C:\Windows\InstallDir\xcxccc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3848 wrote to memory of 2308 N/A C:\Windows\InstallDir\xcxccc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3848 wrote to memory of 3504 N/A C:\Windows\InstallDir\xcxccc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3848 wrote to memory of 3944 N/A C:\Windows\InstallDir\xcxccc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3848 wrote to memory of 4956 N/A C:\Windows\InstallDir\xcxccc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3848 wrote to memory of 4624 N/A C:\Windows\InstallDir\xcxccc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3848 wrote to memory of 2668 N/A C:\Windows\InstallDir\xcxccc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3848 wrote to memory of 1644 N/A C:\Windows\InstallDir\xcxccc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3848 wrote to memory of 2788 N/A C:\Windows\InstallDir\xcxccc.exe C:\Windows\InstallDir\xcxccc.exe
PID 2788 wrote to memory of 4480 N/A C:\Windows\InstallDir\xcxccc.exe C:\Windows\SysWOW64\svchost.exe

Processes

C:\Users\Admin\AppData\Local\Temp\4c0bff49e5114f215b95873223a93693_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4c0bff49e5114f215b95873223a93693_JaffaCakes118.exe"

C:\Windows\SysWOW64\svchost.exe

svchost.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\xcxccc.exe

"C:\Windows\InstallDir\xcxccc.exe"

C:\Windows\SysWOW64\svchost.exe

svchost.exe

Network

Files

C:\Windows\InstallDir\xcxccc.exe

MD5 4c0bff49e5114f215b95873223a93693
SHA1 628933ae4a1fc0d7800ddbed802cbca61016a049
SHA256 68c93bce1a32e857e4fa31bd89bcaf8b923d59f1f9d69641ea2ccbffd8b5e67c
SHA512 89643d6cff84d7b4fbde342db9f169f58b8a38c0ade4d16ab19de12bf80566413f5919204e612f7ab178897198d459cee2708398d8f6a542575c1a8b8c3c9558

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\.cfg

MD5 0267f546445bd28b24c7b495f3ab6cce
SHA1 0b0abb114794ad90aca65501ff0c2e180476f7b4
SHA256 dc3ae2ea88f7e35aa05b3a6ab4b79c3033fc9a4b08cb4a49827fa20b28a97632
SHA512 e5f66ed90296fd7609338f4df2170d3309ef35a021c8eeabc3f34fe13e67525714fb47b258d91f322296dfeb2fb474711df9ef6c2741aa979c4bd2998d14e2a6

\??\PIPE\srvsvc

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
