Malware Analysis Report

2024-12-07 21:58

Sample ID 240718-plcxwayamn
Target 575db21a5dc340c665e677bade789e3d_JaffaCakes118
SHA256 006c2f9910644d6cb24c2d325a55d95f36beab9854a1d80f13091507c785e72d
Tags
xtremerat persistence rat spyware
score
10/10

Analysis Overview

Threat Level: Known bad

The file 575db21a5dc340c665e677bade789e3d_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xtremerat persistence rat spyware

Detect XtremeRAT payload

XtremeRAT

Boot or Logon Autostart Execution: Active Setup

Executes dropped EXE

Loads dropped DLL

Checks computer location settings

Suspicious use of SetThreadContext

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-18 12:24

Signatures

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-18 12:24

Reported

2024-07-18 12:27

Platform

win7-20240708-en

Max time kernel

150s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe"

Signatures

Detect XtremeRAT payload

XtremeRAT

persistence spyware rat xtremerat

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{E4W3P17Q-3L6H-60S0-5VGJ-XN5PV58TU0P0} C:\Windows\InstallDir\kl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E4W3P17Q-3L6H-60S0-5VGJ-XN5PV58TU0P0}\StubPath = "C:\\Windows\\InstallDir\\kl.exe restart" C:\Windows\InstallDir\kl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E4W3P17Q-3L6H-60S0-5VGJ-XN5PV58TU0P0}\StubPath = "C:\\Windows\\InstallDir\\kl.exe restart" C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{E4W3P17Q-3L6H-60S0-5VGJ-XN5PV58TU0P0} C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\InstallDir\kl.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 2484 set thread context of 1340 N/A C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe
PID 2904 set thread context of 2816 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 2740 set thread context of 2624 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 304 set thread context of 1008 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 1656 set thread context of 1056 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 1772 set thread context of 2672 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 2168 set thread context of 2280 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 1544 set thread context of 1848 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 1092 set thread context of 2184 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 2032 set thread context of 464 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 1696 set thread context of 2548 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 2920 set thread context of 2852 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 596 set thread context of 1104 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 2112 set thread context of 308 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 1912 set thread context of 1672 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 1360 set thread context of 2932 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 2484 set thread context of 2100 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 2000 set thread context of 1528 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 952 set thread context of 1760 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 860 set thread context of 1524 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 2680 set thread context of 2656 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 1772 set thread context of 1892 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 1524 set thread context of 2680 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 1264 set thread context of 1696 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 1044 set thread context of 1524 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 3132 set thread context of 3152 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 3272 set thread context of 3288 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 3404 set thread context of 3420 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 3532 set thread context of 3552 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 3668 set thread context of 3688 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\InstallDir\kl.exe C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe N/A
File created C:\Windows\InstallDir\kl.exe C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe N/A

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2484 wrote to memory of 1340 N/A C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe
PID 1340 wrote to memory of 1624 N/A C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1340 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1340 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1340 wrote to memory of 1884 N/A C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1340 wrote to memory of 2304 N/A C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1340 wrote to memory of 2292 N/A C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1340 wrote to memory of 628 N/A C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1340 wrote to memory of 568 N/A C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1340 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe C:\Windows\InstallDir\kl.exe
PID 2904 wrote to memory of 2816 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe

Processes

C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

Network

N/A

Files

memory/1340-2-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/1340-3-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/1340-4-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/1340-5-0x0000000000C80000-0x0000000000C93000-memory.dmp

\Windows\InstallDir\kl.exe

MD5 575db21a5dc340c665e677bade789e3d
SHA1 b083f5c6e289f61799e2d9a1d20b84ee6b99a077
SHA256 006c2f9910644d6cb24c2d325a55d95f36beab9854a1d80f13091507c785e72d
SHA512 ab701a638ae6fc98a8429bb6b4c352c702e34c9ba709cc4d85c7cc2456987b79e604f726bdb7890999ca612a6c347c9d301a91118a73e7e5202c7e7d2ec93855

memory/1340-16-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/2816-25-0x0000000000C80000-0x0000000000C93000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Fy0VecmX.cfg

MD5 bb05d79a7873df664af7b26975f6fc4d
SHA1 be1140d890d7e73d84415a3dea96904f276a0d50
SHA256 651cab24968ddc71e78314488c06d0963d499b8f8241e91122423cedd4c60277
SHA512 c946f023f28cb0d51934714a86974e9f5b9c406492b60dd73c8bdc9186fd490ceabb7fb73fb0510a95b06ce6574bc5ab5a563a88ecb5342bad3a654b1606588e

memory/2816-28-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/2624-35-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/2624-39-0x0000000000C80000-0x0000000000C93000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-18 12:24

Reported

2024-07-18 12:27

Platform

win10v2004-20240709-en

Max time kernel

149s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe"

Signatures

Detect XtremeRAT payload

Description Indicator Process Target
N/A N/A N/A N/A

XtremeRAT

persistence spyware rat xtremerat

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{E4W3P17Q-3L6H-60S0-5VGJ-XN5PV58TU0P0} C:\Windows\InstallDir\kl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E4W3P17Q-3L6H-60S0-5VGJ-XN5PV58TU0P0}\StubPath = "C:\\Windows\\InstallDir\\kl.exe restart" C:\Windows\InstallDir\kl.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{E4W3P17Q-3L6H-60S0-5VGJ-XN5PV58TU0P0} C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E4W3P17Q-3L6H-60S0-5VGJ-XN5PV58TU0P0}\StubPath = "C:\\Windows\\InstallDir\\kl.exe restart" C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\kl.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\InstallDir\kl.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 4948 set thread context of 2584 N/A C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe
PID 3948 set thread context of 3116 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 1396 set thread context of 3212 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 1276 set thread context of 4588 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 3504 set thread context of 4464 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 4772 set thread context of 1084 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 3512 set thread context of 4140 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 3308 set thread context of 4076 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 4336 set thread context of 4364 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 2148 set thread context of 712 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 2880 set thread context of 2556 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 1936 set thread context of 3308 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 2296 set thread context of 3184 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 2148 set thread context of 3632 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 1444 set thread context of 3444 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 4324 set thread context of 2132 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 1504 set thread context of 5076 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 2356 set thread context of 2548 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 3548 set thread context of 628 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 2132 set thread context of 4212 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 3740 set thread context of 3632 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 5276 set thread context of 5308 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 5448 set thread context of 5472 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 5608 set thread context of 5632 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 5940 set thread context of 5968 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 6120 set thread context of 4948 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 3632 set thread context of 5332 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 5476 set thread context of 5628 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 5728 set thread context of 5720 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 6128 set thread context of 1496 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 1568 set thread context of 2544 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\InstallDir\kl.exe C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\InstallDir\kl.exe C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe N/A

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4948 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe
PID 2584 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 3500 N/A C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 3952 N/A C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 4544 N/A C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 3128 N/A C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 2320 N/A C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 3948 N/A C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe C:\Windows\InstallDir\kl.exe
PID 3948 wrote to memory of 3116 N/A C:\Windows\InstallDir\kl.exe C:\Windows\InstallDir\kl.exe
PID 3116 wrote to memory of 3264 N/A C:\Windows\InstallDir\kl.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3116 wrote to memory of 2732 N/A C:\Windows\InstallDir\kl.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3116 wrote to memory of 2208 N/A C:\Windows\InstallDir\kl.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3116 wrote to memory of 2928 N/A C:\Windows\InstallDir\kl.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\kl.exe

"C:\Windows\InstallDir\kl.exe"

Network


Files

C:\Windows\InstallDir\kl.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Fy0VecmX.cfg
