Malware Analysis Report

2025-01-02 02:21

Sample ID 240719-fnbcdsxcje
Target 5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118
SHA256 f09f5737cc736ac13fe222e21d802729b1c9d212ab3b19f5bde6bea736799f95
Tags xtremerat persistence rat spyware upx
Score 10/10

Analysis Overview

Threat Level: Known bad

The file 5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xtremerat persistence rat spyware upx

Detect XtremeRAT payload

XtremeRAT

Boot or Logon Autostart Execution: Active Setup

Deletes itself

Loads dropped DLL

UPX packed file

Checks computer location settings

Executes dropped EXE

Adds Run key to start application

Drops file in System32 directory

Suspicious use of SetThreadContext

Unsigned PE

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-19 05:00

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-07-19 05:00

Reported

2024-07-19 05:03

Platform

win7-20240704-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe"

Signatures

Detect XtremeRAT payload


XtremeRAT

persistence spyware rat xtremerat

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3U203QQ3-7580-Y7J8-2QK6-2152QG5K11V6}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\update.exe restart" C:\Windows\SysWOW64\InstallDir\update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3U203QQ3-7580-Y7J8-2QK6-2152QG5K11V6}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\update.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\update.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{3U203QQ3-7580-Y7J8-2QK6-2152QG5K11V6} C:\Windows\SysWOW64\InstallDir\update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3U203QQ3-7580-Y7J8-2QK6-2152QG5K11V6}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\update.exe restart" C:\Windows\SysWOW64\InstallDir\update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3U203QQ3-7580-Y7J8-2QK6-2152QG5K11V6}\StubPath = "C:\\Windows\\system32\\InstallDir\\update.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\update.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{3U203QQ3-7580-Y7J8-2QK6-2152QG5K11V6} C:\Users\Admin\AppData\Roaming\InstallDir\update.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\InstallDir\update.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\update.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A

UPX packed file

upx

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\update.exe" C:\Users\Admin\AppData\Roaming\InstallDir\update.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\update.exe" C:\Users\Admin\AppData\Roaming\InstallDir\update.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\system32\\InstallDir\\update.exe" C:\Windows\SysWOW64\svchost.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\system32\\InstallDir\\update.exe" C:\Users\Admin\AppData\Roaming\InstallDir\update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\update.exe" C:\Windows\SysWOW64\InstallDir\update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\update.exe" C:\Windows\SysWOW64\InstallDir\update.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\update.exe" C:\Windows\SysWOW64\InstallDir\update.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\system32\\InstallDir\\update.exe" C:\Users\Admin\AppData\Roaming\InstallDir\update.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\update.exe" C:\Windows\SysWOW64\InstallDir\update.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\system32\\InstallDir\\update.exe" C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\update.exe" C:\Windows\SysWOW64\InstallDir\update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\update.exe" C:\Windows\SysWOW64\InstallDir\update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\update.exe" C:\Windows\SysWOW64\InstallDir\update.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\update.exe" C:\Windows\SysWOW64\InstallDir\update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\update.exe" C:\Windows\SysWOW64\InstallDir\update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\update.exe" C:\Users\Admin\AppData\Roaming\InstallDir\update.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\system32\\InstallDir\\update.exe" C:\Users\Admin\AppData\Roaming\InstallDir\update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\system32\\InstallDir\\update.exe" C:\Users\Admin\AppData\Roaming\InstallDir\update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\system32\\InstallDir\\update.exe" C:\Windows\SysWOW64\svchost.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe N/A
File created C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe N/A
File created C:\Windows\SysWOW64\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\update.exe C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 3056 set thread context of 2740 N/A C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe
PID 2736 set thread context of 2616 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 1984 set thread context of 1896 N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe
PID 2588 set thread context of 1816 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 1532 set thread context of 2340 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 1356 set thread context of 1840 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 372 set thread context of 2240 N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe
PID 2704 set thread context of 2772 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 2480 set thread context of 2012 N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe
PID 1288 set thread context of 2924 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 1016 set thread context of 1140 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 1688 set thread context of 1612 N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe
PID 988 set thread context of 2296 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 2764 set thread context of 2988 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 1312 set thread context of 1808 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 2468 set thread context of 1016 N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe
PID 2356 set thread context of 1580 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 1608 set thread context of 2412 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 2480 set thread context of 2296 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 840 set thread context of 712 N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe
PID 2756 set thread context of 2600 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 2480 set thread context of 2424 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 2320 set thread context of 1016 N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe
PID 2648 set thread context of 1504 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 2464 set thread context of 2036 N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe
PID 2876 set thread context of 2524 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 1756 set thread context of 1752 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 3092 set thread context of 3112 N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe
PID 3240 set thread context of 3268 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 3380 set thread context of 3404 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 3496 set thread context of 3524 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 3756 set thread context of 3772 N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe
PID 3912 set thread context of 3936 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 4048 set thread context of 4068 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 3300 set thread context of 3320 N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe
PID 3484 set thread context of 3516 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 3764 set thread context of 3792 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 4048 set thread context of 2924 N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe
PID 3416 set thread context of 4068 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 3672 set thread context of 3756 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 3104 set thread context of 3860 N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe
PID 3224 set thread context of 3548 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 3868 set thread context of 3296 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 3536 set thread context of 3936 N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe
PID 3312 set thread context of 3304 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 3296 set thread context of 3104 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 2316 set thread context of 936 N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe
PID 3620 set thread context of 3104 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 4264 set thread context of 4280 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 4376 set thread context of 4392 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 4612 set thread context of 4636 N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe
PID 4736 set thread context of 4760 N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe
PID 4824 set thread context of 4840 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 5092 set thread context of 5108 N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe
PID 4264 set thread context of 4332 N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe
PID 4296 set thread context of 4420 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 4612 set thread context of 4688 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 4824 set thread context of 4932 N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe
PID 3308 set thread context of 4108 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 4644 set thread context of 4632 N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe
PID 5108 set thread context of 4836 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 4288 set thread context of 4936 N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe
PID 4124 set thread context of 4620 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 4920 set thread context of 3620 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\InstallDir\update.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\InstallDir\update.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\update.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3056 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe
PID 2740 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe C:\Windows\SysWOW64\svchost.exe
PID 2740 wrote to memory of 2912 N/A C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2740 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe C:\Windows\SysWOW64\explorer.exe
PID 2740 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2740 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2740 wrote to memory of 2636 N/A C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2740 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2740 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2740 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2740 wrote to memory of 2820 N/A C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2740 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe C:\Windows\SysWOW64\InstallDir\update.exe

Processes

C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe

C:\Windows\SysWOW64\svchost.exe

svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\explorer.exe

explorer.exe

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\system32\InstallDir\update.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\update.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\SysWOW64\InstallDir\update.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\SysWOW64\InstallDir\update.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\system32\InstallDir\update.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\update.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\SysWOW64\InstallDir\update.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\system32\InstallDir\update.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\update.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\SysWOW64\InstallDir\update.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\system32\InstallDir\update.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\update.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\SysWOW64\InstallDir\update.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\system32\InstallDir\update.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\update.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\SysWOW64\InstallDir\update.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\explorer.exe

explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\system32\InstallDir\update.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\explorer.exe

explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\update.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\system32\InstallDir\update.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\SysWOW64\InstallDir\update.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\explorer.exe

explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\update.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\explorer.exe

explorer.exe

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\system32\InstallDir\update.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\system32\InstallDir\update.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\explorer.exe

explorer.exe

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\system32\InstallDir\update.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\explorer.exe

explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\update.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\update.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\system32\InstallDir\update.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\update.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\update.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\SysWOW64\InstallDir\update.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\system32\InstallDir\update.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\update.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\system32\InstallDir\update.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\update.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\SysWOW64\InstallDir\update.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\update.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\SysWOW64\InstallDir\update.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\system32\InstallDir\update.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\update.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\SysWOW64\InstallDir\update.exe"

Network

N/A

Files

C:\Windows\SysWOW64\InstallDir\update.exe

MD5 5a8ffde10aa99fe1da4a56fada54d917
SHA1 915cb298fd128875abc1b02f606bd554403ff79e
SHA256 f09f5737cc736ac13fe222e21d802729b1c9d212ab3b19f5bde6bea736799f95
SHA512 c6bb1c1ea4a59089177ffd525ae46ab61a5ea9deca2e1083d906ec7eb6c3047130002b1048156afed01b18ff8cd35ae3c905afa9d77aa0ede053362d643e8f47

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\YDZTQCJEq.cfg

MD5 110da2c896840c2c2563ab943b808a0d
SHA1 13c28e22c5ea440be5dd13357a525a2e34403a5b
SHA256 b7148ecb75cf91bfdf5eab21068657d79b175bf7500c75fa6cf0dc251c553fe0
SHA512 beac8beb43df746ba530ab12752049b7b4716a29c58a26a6d4b94b3e4ecfe8720e3df8cb9d0088c35bc8d478f9ef2d990238fc23f99202f22956ff586a7256dd

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-19 05:00

Reported

2024-07-19 05:03

Platform

win10v2004-20240704-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe"

Signatures

Detect XtremeRAT payload

Description Indicator Process Target
N/A N/A N/A N/A

XtremeRAT

persistence spyware rat xtremerat

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{3U203QQ3-7580-Y7J8-2QK6-2152QG5K11V6} C:\Users\Admin\AppData\Roaming\InstallDir\update.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{3U203QQ3-7580-Y7J8-2QK6-2152QG5K11V6} C:\Windows\SysWOW64\InstallDir\update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3U203QQ3-7580-Y7J8-2QK6-2152QG5K11V6}\StubPath = "C:\\Windows\\system32\\InstallDir\\update.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3U203QQ3-7580-Y7J8-2QK6-2152QG5K11V6}\StubPath = "C:\\Windows\\system32\\InstallDir\\update.exe restart" C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3U203QQ3-7580-Y7J8-2QK6-2152QG5K11V6}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\update.exe restart" C:\Windows\SysWOW64\InstallDir\update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3U203QQ3-7580-Y7J8-2QK6-2152QG5K11V6}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\update.exe restart" C:\Windows\SysWOW64\InstallDir\update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3U203QQ3-7580-Y7J8-2QK6-2152QG5K11V6}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\update.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\update.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{3U203QQ3-7580-Y7J8-2QK6-2152QG5K11V6} C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{3U203QQ3-7580-Y7J8-2QK6-2152QG5K11V6} C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\update.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\InstallDir\update.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe N/A

Deletes itself

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\InstallDir\update.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\update.exe" C:\Windows\SysWOW64\InstallDir\update.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\system32\\InstallDir\\update.exe" C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\update.exe" C:\Windows\SysWOW64\InstallDir\update.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\update.exe" C:\Users\Admin\AppData\Roaming\InstallDir\update.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\update.exe" C:\Windows\SysWOW64\InstallDir\update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\update.exe" C:\Users\Admin\AppData\Roaming\InstallDir\update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\update.exe" C:\Windows\SysWOW64\InstallDir\update.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\system32\\InstallDir\\update.exe" C:\Users\Admin\AppData\Roaming\InstallDir\update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\system32\\InstallDir\\update.exe" C:\Users\Admin\AppData\Roaming\InstallDir\update.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\system32\\InstallDir\\update.exe" C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe N/A
File created C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe N/A
File created C:\Windows\SysWOW64\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe N/A
File created C:\Windows\SysWOW64\InstallDir\update.exe C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\explorer.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 3468 set thread context of 2636 N/A C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe
PID 4460 set thread context of 3108 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 4224 set thread context of 800 N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe
PID 1496 set thread context of 4140 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 1740 set thread context of 3320 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 3444 set thread context of 4548 N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe
PID 4972 set thread context of 3152 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 1912 set thread context of 4940 N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe
PID 4140 set thread context of 4784 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 1124 set thread context of 4240 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 4456 set thread context of 1736 N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe
PID 3320 set thread context of 3688 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 5104 set thread context of 3740 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 4112 set thread context of 2480 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 3996 set thread context of 4392 N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe
PID 2788 set thread context of 1060 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 5068 set thread context of 1516 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 1880 set thread context of 4160 N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe
PID 2004 set thread context of 2496 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 3912 set thread context of 4436 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 4392 set thread context of 2656 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 3320 set thread context of 3996 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 1416 set thread context of 2872 N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe
PID 4880 set thread context of 3584 N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe
PID 3272 set thread context of 1352 N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe
PID 1972 set thread context of 3272 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 5336 set thread context of 5364 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 5420 set thread context of 5460 N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe
PID 5516 set thread context of 5540 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 5892 set thread context of 5924 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 6000 set thread context of 6028 N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe
PID 6108 set thread context of 6132 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 5180 set thread context of 800 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 5484 set thread context of 5532 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 5688 set thread context of 5740 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 5908 set thread context of 5976 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 6008 set thread context of 6092 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 388 set thread context of 2936 N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe
PID 1016 set thread context of 5960 N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe
PID 5468 set thread context of 524 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 5972 set thread context of 5944 N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe
PID 5620 set thread context of 1900 N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe
PID 1928 set thread context of 4084 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 6000 set thread context of 4848 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 5164 set thread context of 5536 N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe
PID 1928 set thread context of 5476 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 6036 set thread context of 4320 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 6372 set thread context of 6396 N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe
PID 6452 set thread context of 6476 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 6884 set thread context of 6908 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 7108 set thread context of 7136 N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe
PID 5476 set thread context of 6404 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 6304 set thread context of 6576 N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe
PID 6416 set thread context of 6656 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 6588 set thread context of 6880 N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe
PID 6892 set thread context of 6700 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 5424 set thread context of 6988 N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe
PID 2276 set thread context of 6392 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 4888 set thread context of 6468 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 4132 set thread context of 6896 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 6976 set thread context of 6744 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 6524 set thread context of 3412 N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe
PID 6488 set thread context of 4132 N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe C:\Users\Admin\AppData\Roaming\InstallDir\update.exe
PID 4436 set thread context of 5944 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\update.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\update.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3468 wrote to memory of 2636 N/A C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe
PID 2636 wrote to memory of 3728 N/A C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe C:\Windows\SysWOW64\svchost.exe
PID 2636 wrote to memory of 2972 N/A C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2636 wrote to memory of 4728 N/A C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe C:\Windows\SysWOW64\explorer.exe
PID 2636 wrote to memory of 2056 N/A C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2636 wrote to memory of 3068 N/A C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2636 wrote to memory of 1680 N/A C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2636 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2636 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2636 wrote to memory of 4680 N/A C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2636 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2636 wrote to memory of 4460 N/A C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 4460 wrote to memory of 3108 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\InstallDir\update.exe
PID 3108 wrote to memory of 832 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 904 N/A C:\Windows\SysWOW64\InstallDir\update.exe C:\Windows\SysWOW64\explorer.exe

Processes

C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5a8ffde10aa99fe1da4a56fada54d917_JaffaCakes118.exe

C:\Windows\SysWOW64\svchost.exe

svchost.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\explorer.exe

explorer.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\system32\InstallDir\update.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\explorer.exe

explorer.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\update.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\explorer.exe

explorer.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\system32\InstallDir\update.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\explorer.exe

explorer.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\system32\InstallDir\update.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\explorer.exe

explorer.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\update.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\system32\InstallDir\update.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\update.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\SysWOW64\InstallDir\update.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\system32\InstallDir\update.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\update.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\SysWOW64\InstallDir\update.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\SysWOW64\InstallDir\update.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\system32\InstallDir\update.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\update.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\SysWOW64\InstallDir\update.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\system32\InstallDir\update.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\update.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\SysWOW64\InstallDir\update.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\SysWOW64\InstallDir\update.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\system32\InstallDir\update.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\explorer.exe

explorer.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\SysWOW64\InstallDir\update.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\explorer.exe

explorer.exe

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\update.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\update.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\explorer.exe

explorer.exe

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\update.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\system32\InstallDir\update.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\system32\InstallDir\update.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\update.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\system32\InstallDir\update.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\SysWOW64\InstallDir\update.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\update.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\SysWOW64\InstallDir\update.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\system32\InstallDir\update.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\SysWOW64\InstallDir\update.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\explorer.exe

explorer.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\SysWOW64\InstallDir\update.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\SysWOW64\InstallDir\update.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Windows\SysWOW64\explorer.exe

explorer.exe

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\system32\InstallDir\update.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\explorer.exe

explorer.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\update.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\update.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\system32\InstallDir\update.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\update.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\explorer.exe

explorer.exe

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\update.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\system32\InstallDir\update.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\update.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\SysWOW64\InstallDir\update.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\SysWOW64\InstallDir\update.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\explorer.exe

explorer.exe

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\system32\InstallDir\update.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\update.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\update.exe"

C:\Windows\SysWOW64\InstallDir\update.exe

"C:\Windows\SysWOW64\InstallDir\update.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 25.140.123.92.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp

Files

C:\Windows\SysWOW64\InstallDir\update.exe

MD5 5a8ffde10aa99fe1da4a56fada54d917
SHA1 915cb298fd128875abc1b02f606bd554403ff79e
SHA256 f09f5737cc736ac13fe222e21d802729b1c9d212ab3b19f5bde6bea736799f95
SHA512 c6bb1c1ea4a59089177ffd525ae46ab61a5ea9deca2e1083d906ec7eb6c3047130002b1048156afed01b18ff8cd35ae3c905afa9d77aa0ede053362d643e8f47

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\YDZTQCJEq.cfg

MD5 110da2c896840c2c2563ab943b808a0d
SHA1 13c28e22c5ea440be5dd13357a525a2e34403a5b
SHA256 b7148ecb75cf91bfdf5eab21068657d79b175bf7500c75fa6cf0dc251c553fe0
SHA512 beac8beb43df746ba530ab12752049b7b4716a29c58a26a6d4b94b3e4ecfe8720e3df8cb9d0088c35bc8d478f9ef2d990238fc23f99202f22956ff586a7256dd
