Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
47s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
03/10/2024, 04:38
General
-
Target
0df5e54be8f532a54c73b01f9c25c1d6_JaffaCakes118.exe
-
Size
1.2MB
-
MD5
0df5e54be8f532a54c73b01f9c25c1d6
-
SHA1
d92987052019161bc610184bf5a92084808ed58a
-
SHA256
e8541ed4e1b8964fc1e8c31e528778e6bab6d338d7355cfac8888dbc080d8f46
-
SHA512
687dff3e2ca201284d584f93f2ae87bda25b9f71bb35f702eb8cfbeb5a27c1abbef3dfa1a40d47cb578569e1db4173bb31fa4e2e6490a730474d4039f43bae1f
-
SSDEEP
24576:+vghg41N5L+s79FIY4ponf0e56xh3liEKKO7AynQedLSEgG:+vg/gq9FOC0esxh1i/ldQ2GEx
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Writes to the Master Boot Record (MBR) 1 TTPs 64 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 64 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0df5e54be8f532a54c73b01f9c25c1d6_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\0df5e54be8f532a54c73b01f9c25c1d6_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Users\Admin\AppData\Local\Temp\0df5e54be8f532a54c73b01f9c25c1d6_JaffaCakes1182⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE2⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC53⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE3⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC54⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE4⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC55⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE5⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC56⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE6⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC57⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE7⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC58⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE8⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC59⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE9⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC510⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE10⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC511⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE11⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC512⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE12⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC513⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE13⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC514⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE14⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC515⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE15⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC516⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE16⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC517⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE17⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC518⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE18⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC519⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE19⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC520⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE20⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC521⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE21⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC522⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE22⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC523⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE23⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC524⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE24⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC525⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE25⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC526⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE26⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC527⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE27⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC528⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE28⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC529⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE29⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC530⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE30⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC531⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE31⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC532⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE32⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC533⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE33⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC534⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE34⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC535⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE35⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC536⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE36⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC537⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE37⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC538⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE38⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC539⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE39⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC540⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE40⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC541⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE41⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC542⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE42⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC543⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE43⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC544⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE44⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC545⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE45⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC546⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE46⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC547⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE47⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC548⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE48⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC549⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE49⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC550⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE50⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC551⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE51⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC552⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE52⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC553⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE53⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC554⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE54⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC555⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE55⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC556⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE56⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC557⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE57⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC558⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE58⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC559⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE59⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC560⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE60⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC561⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE61⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC562⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE62⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC563⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE63⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC564⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE64⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC565⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE65⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC566⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE66⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC567⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE67⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC568⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE68⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC569⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE69⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC570⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE70⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC571⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE71⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC572⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE72⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC573⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE73⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC574⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE74⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC575⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE75⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC576⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE76⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC577⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE77⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC578⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE78⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC579⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE79⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC580⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE80⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC581⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE81⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC582⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE82⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC583⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE83⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC584⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE84⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC585⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE85⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC586⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE86⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC587⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE87⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC588⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE88⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC589⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE89⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC590⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE90⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC591⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE91⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC592⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE92⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC593⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE93⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC594⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE94⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC595⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE95⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC596⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE96⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC597⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE97⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC598⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE98⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC599⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE99⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC5100⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE100⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC5101⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE101⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC5102⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE102⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC5103⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE103⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC5104⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE104⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC5105⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE105⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC5106⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE106⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC5107⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE107⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC5108⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE108⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC5109⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE109⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC5110⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE110⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC5111⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE111⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC5112⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE112⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC5113⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE113⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC5114⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE114⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC5115⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE115⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC5116⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE116⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC5117⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE117⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC5118⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE118⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC5119⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE119⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC5120⤵
-
-
C:\Windows\SysWOW64\XP-0EE37CC5.EXEC:\Windows\system32\XP-0EE37CC5.EXE120⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-0EE37CC5121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-