Malware Analysis Report

2025-08-11 07:37

Sample ID 241015-3jk3cssfmf
Target 4a7eb850f3c69ed3968eee8a12c25de8_JaffaCakes118
SHA256 9505d7744be75ec3b2226f8e2b46bde83f975480ef599584dbcff94e2fa2d837
Tags
bootkit discovery persistence
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

9505d7744be75ec3b2226f8e2b46bde83f975480ef599584dbcff94e2fa2d837

Threat Level: Shows suspicious behavior

The file 4a7eb850f3c69ed3968eee8a12c25de8_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

bootkit discovery persistence

Loads dropped DLL

Executes dropped EXE

Writes to the Master Boot Record (MBR)

Drops file in System32 directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious behavior: AddClipboardFormatListener

Modifies registry class

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-15 23:32

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-15 23:32

Reported

2024-10-15 23:35

Platform

win7-20240903-en

Max time kernel

54s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4a7eb850f3c69ed3968eee8a12c25de8_JaffaCakes118.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\B526A5\DECB07.EXE N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4a7eb850f3c69ed3968eee8a12c25de8_JaffaCakes118.exe N/A
N/A N/A C:\Windows\SysWOW64\B526A5\DECB07.EXE N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Windows\SysWOW64\B526A5\DECB07.EXE N/A
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\4a7eb850f3c69ed3968eee8a12c25de8_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\B526A5\DECB07.EXE C:\Windows\SysWOW64\B526A5\DECB07.EXE N/A
File opened for modification C:\Windows\SysWOW64\B526A5\DECB07.EXE C:\Windows\SysWOW64\B526A5\DECB07.EXE N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\pdffile_8.ico C:\Windows\explorer.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\B526A5\DECB07.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\NavBar = 000000000000000000000000000000008b000000870000003153505305d5cdd59c2e1b10939708002b2cf9ae6b0000005a000000007b00360044003800420042003300440033002d0039004400380037002d0034004100390031002d0041004200350036002d003400460033003000430046004600450046004500390046007d005f0057006900640074006800000013000000f00000000000000000000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell C:\Windows\explorer.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4a7eb850f3c69ed3968eee8a12c25de8_JaffaCakes118.exe N/A
N/A N/A C:\Windows\SysWOW64\B526A5\DECB07.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1704 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\4a7eb850f3c69ed3968eee8a12c25de8_JaffaCakes118.exe C:\Windows\SysWOW64\explorer.exe
PID 1704 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\4a7eb850f3c69ed3968eee8a12c25de8_JaffaCakes118.exe C:\Windows\SysWOW64\B526A5\DECB07.EXE
PID 2340 wrote to memory of 2836 N/A C:\Windows\SysWOW64\B526A5\DECB07.EXE C:\Windows\SysWOW64\explorer.exe
PID 2340 wrote to memory of 2896 N/A C:\Windows\SysWOW64\B526A5\DECB07.EXE C:\Windows\SysWOW64\B526A5\DECB07.EXE
PID 2896 wrote to memory of 1416 N/A C:\Windows\SysWOW64\B526A5\DECB07.EXE C:\Windows\SysWOW64\explorer.exe
PID 2896 wrote to memory of 1520 N/A C:\Windows\SysWOW64\B526A5\DECB07.EXE C:\Windows\SysWOW64\B526A5\DECB07.EXE
PID 1520 wrote to memory of 1364 N/A C:\Windows\SysWOW64\B526A5\DECB07.EXE C:\Windows\SysWOW64\explorer.exe
PID 1520 wrote to memory of 1660 N/A C:\Windows\SysWOW64\B526A5\DECB07.EXE C:\Windows\SysWOW64\B526A5\DECB07.EXE
PID 1660 wrote to memory of 2016 N/A C:\Windows\SysWOW64\B526A5\DECB07.EXE C:\Windows\SysWOW64\explorer.exe
PID 1660 wrote to memory of 1180 N/A C:\Windows\SysWOW64\B526A5\DECB07.EXE C:\Windows\explorer.exe
PID 1180 wrote to memory of 936 N/A C:\Windows\SysWOW64\B526A5\DECB07.EXE C:\Windows\SysWOW64\explorer.exe
PID 1180 wrote to memory of 2376 N/A C:\Windows\SysWOW64\B526A5\DECB07.EXE C:\Windows\SysWOW64\B526A5\DECB07.EXE
PID 2376 wrote to memory of 1376 N/A C:\Windows\SysWOW64\B526A5\DECB07.EXE C:\Windows\SysWOW64\explorer.exe
PID 2376 wrote to memory of 1072 N/A C:\Windows\SysWOW64\B526A5\DECB07.EXE C:\Windows\SysWOW64\B526A5\DECB07.EXE
PID 1072 wrote to memory of 2412 N/A C:\Windows\SysWOW64\B526A5\DECB07.EXE C:\Windows\SysWOW64\explorer.exe
PID 1072 wrote to memory of 2184 N/A C:\Windows\SysWOW64\B526A5\DECB07.EXE C:\Windows\SysWOW64\B526A5\DECB07.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\4a7eb850f3c69ed3968eee8a12c25de8_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4a7eb850f3c69ed3968eee8a12c25de8_JaffaCakes118.exe"

C:\Windows\SysWOW64\explorer.exe

explorer C:\Users\Admin\AppData\Local\Temp\4a7eb850f3c69ed3968eee8a12c25de8_JaffaCakes118

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

Network

N/A

Files

\Users\Admin\AppData\Local\Temp\E_N4\krnln.fnr

\Users\Admin\AppData\Local\Temp\E_N4\HtmlView.fne

\Users\Admin\AppData\Local\Temp\E_N4\shell.fne

\Users\Admin\AppData\Local\Temp\E_N4\dp1.fne

\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Users\Admin\AppData\Local\Temp\E_N4\RegEx.fnr

C:\Users\Admin\AppData\Local\Temp\E_N4\cnvpe.fne

C:\Users\Admin\AppData\Local\Temp\E_N4\spec.fne

C:\Users\Admin\AppData\Local\Temp\E_N4\eAPI.fne

C:\Users\Admin\AppData\Local\Temp\E_N4\internet.fne

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-15 23:32

Reported

2024-10-15 23:35

Platform

win10v2004-20241007-en

Max time kernel

7s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4a7eb850f3c69ed3968eee8a12c25de8_JaffaCakes118.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4a7eb850f3c69ed3968eee8a12c25de8_JaffaCakes118.exe N/A
N/A N/A C:\Windows\SysWOW64\B526A5\DECB07.EXE N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Windows\SysWOW64\B526A5\DECB07.EXE N/A
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\4a7eb850f3c69ed3968eee8a12c25de8_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\B526A5\DECB07.EXE C:\Windows\SysWOW64\B526A5\DECB07.EXE N/A
File created C:\Windows\SysWOW64\B526A5\DECB07.EXE C:\Users\Admin\AppData\Local\Temp\4a7eb850f3c69ed3968eee8a12c25de8_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\B526A5\DECB07.EXE C:\Windows\SysWOW64\B526A5\DECB07.EXE N/A
File opened for modification C:\Windows\SysWOW64\B526A5\DECB07.EXE C:\Users\Admin\AppData\Local\Temp\4a7eb850f3c69ed3968eee8a12c25de8_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\B526A5\DECB07.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\4a7eb850f3c69ed3968eee8a12c25de8_JaffaCakes118.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\NavBar = 000000000000000000000000000000008b000000870000003153505305d5cdd59c2e1b10939708002b2cf9ae6b0000005a000000007b00360044003800420042003300440033002d0039004400380037002d0034004100390031002d0041004200350036002d003400460033003000430046004600450046004500390046007d005f0057006900640074006800000013000000cc0000000000000000000000 C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders C:\Windows\explorer.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4a7eb850f3c69ed3968eee8a12c25de8_JaffaCakes118.exe N/A
N/A N/A C:\Windows\SysWOW64\B526A5\DECB07.EXE N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2260 wrote to memory of 928 N/A C:\Users\Admin\AppData\Local\Temp\4a7eb850f3c69ed3968eee8a12c25de8_JaffaCakes118.exe C:\Windows\SysWOW64\explorer.exe
PID 2260 wrote to memory of 2060 N/A C:\Users\Admin\AppData\Local\Temp\4a7eb850f3c69ed3968eee8a12c25de8_JaffaCakes118.exe C:\Windows\SysWOW64\B526A5\DECB07.EXE
PID 2060 wrote to memory of 2676 N/A C:\Windows\SysWOW64\B526A5\DECB07.EXE C:\Windows\SysWOW64\explorer.exe
PID 2060 wrote to memory of 2952 N/A C:\Windows\SysWOW64\B526A5\DECB07.EXE C:\Windows\SysWOW64\B526A5\DECB07.EXE
PID 2952 wrote to memory of 4768 N/A C:\Windows\SysWOW64\B526A5\DECB07.EXE C:\Windows\SysWOW64\explorer.exe
PID 2952 wrote to memory of 3420 N/A C:\Windows\SysWOW64\B526A5\DECB07.EXE C:\Windows\SysWOW64\B526A5\DECB07.EXE
PID 3420 wrote to memory of 1072 N/A C:\Windows\SysWOW64\B526A5\DECB07.EXE C:\Windows\SysWOW64\explorer.exe
PID 3420 wrote to memory of 3352 N/A C:\Windows\SysWOW64\B526A5\DECB07.EXE C:\Windows\SysWOW64\B526A5\DECB07.EXE
PID 3352 wrote to memory of 1572 N/A C:\Windows\SysWOW64\B526A5\DECB07.EXE C:\Windows\SysWOW64\explorer.exe
PID 3352 wrote to memory of 2652 N/A C:\Windows\SysWOW64\B526A5\DECB07.EXE C:\Windows\SysWOW64\B526A5\DECB07.EXE
PID 2652 wrote to memory of 840 N/A C:\Windows\SysWOW64\B526A5\DECB07.EXE C:\Windows\SysWOW64\explorer.exe
PID 2652 wrote to memory of 2396 N/A C:\Windows\SysWOW64\B526A5\DECB07.EXE C:\Windows\SysWOW64\B526A5\DECB07.EXE
PID 2396 wrote to memory of 4932 N/A C:\Windows\SysWOW64\B526A5\DECB07.EXE C:\Windows\SysWOW64\explorer.exe
PID 2396 wrote to memory of 3464 N/A C:\Windows\SysWOW64\B526A5\DECB07.EXE C:\Windows\SysWOW64\B526A5\DECB07.EXE
PID 3464 wrote to memory of 2904 N/A C:\Windows\SysWOW64\B526A5\DECB07.EXE C:\Windows\SysWOW64\explorer.exe
PID 3464 wrote to memory of 1904 N/A C:\Windows\SysWOW64\B526A5\DECB07.EXE C:\Windows\SysWOW64\B526A5\DECB07.EXE
PID 1904 wrote to memory of 2400 N/A C:\Windows\SysWOW64\B526A5\DECB07.EXE C:\Windows\SysWOW64\explorer.exe
PID 1904 wrote to memory of 432 N/A C:\Windows\SysWOW64\B526A5\DECB07.EXE C:\Windows\SysWOW64\B526A5\DECB07.EXE
PID 432 wrote to memory of 392 N/A C:\Windows\SysWOW64\B526A5\DECB07.EXE C:\Windows\SysWOW64\explorer.exe
PID 432 wrote to memory of 656 N/A C:\Windows\SysWOW64\B526A5\DECB07.EXE C:\Windows\SysWOW64\explorer.exe
PID 656 wrote to memory of 1020 N/A C:\Windows\SysWOW64\B526A5\DECB07.EXE C:\Windows\SysWOW64\explorer.exe
PID 656 wrote to memory of 1160 N/A C:\Windows\SysWOW64\B526A5\DECB07.EXE C:\Windows\SysWOW64\B526A5\DECB07.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\4a7eb850f3c69ed3968eee8a12c25de8_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4a7eb850f3c69ed3968eee8a12c25de8_JaffaCakes118.exe"

C:\Windows\SysWOW64\explorer.exe

explorer C:\Users\Admin\AppData\Local\Temp\4a7eb850f3c69ed3968eee8a12c25de8_JaffaCakes118

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07


C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\B526A5\DECB07

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Windows\system32\B526A5\DECB07.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

Network

Files

C:\Users\Admin\AppData\Local\Temp\E_N4\krnln.fnr

C:\Users\Admin\AppData\Local\Temp\E_N4\HtmlView.fne

C:\Users\Admin\AppData\Local\Temp\E_N4\shell.fne

C:\Users\Admin\AppData\Local\Temp\E_N4\dp1.fne

C:\Windows\SysWOW64\B526A5\DECB07.EXE

C:\Users\Admin\AppData\Local\Temp\E_N4\RegEx.fnr

C:\Users\Admin\AppData\Local\Temp\E_N4\cnvpe.fne

C:\Users\Admin\AppData\Local\Temp\E_N4\spec.fne

C:\Users\Admin\AppData\Local\Temp\E_N4\eAPI.fne

C:\Users\Admin\AppData\Local\Temp\E_N4\internet.fne
