Malware Analysis Report

2025-08-06 01:36

Sample ID 241016-2qzzes1bpj
Target 4f7036c4e9f9908a8236e7d6b375cd5b_JaffaCakes118
SHA256 ddb527fa24d05933be035b41451bff51537281ba5d014c1c1fbe98d82bd40da9
Tags
bootkit discovery persistence
score
7/10

Analysis Overview

score
7/10

SHA256

ddb527fa24d05933be035b41451bff51537281ba5d014c1c1fbe98d82bd40da9

Threat Level: Shows suspicious behavior

The file 4f7036c4e9f9908a8236e7d6b375cd5b_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

bootkit discovery persistence

Executes dropped EXE

Loads dropped DLL

Writes to the Master Boot Record (MBR)

Drops file in System32 directory

Drops file in Windows directory

Unsigned PE

System Location Discovery: System Language Discovery

Modifies Internet Explorer settings

Modifies registry class

Suspicious behavior: AddClipboardFormatListener

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 22:47

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 22:47

Reported

2024-10-16 22:50

Platform

win7-20240903-en

Max time kernel

48s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4f7036c4e9f9908a8236e7d6b375cd5b_JaffaCakes118.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\ADE119\E37CC5.EXE N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4f7036c4e9f9908a8236e7d6b375cd5b_JaffaCakes118.exe N/A
N/A N/A C:\Windows\SysWOW64\ADE119\E37CC5.EXE N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Windows\SysWOW64\ADE119\E37CC5.EXE N/A
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\4f7036c4e9f9908a8236e7d6b375cd5b_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\ADE119\E37CC5.EXE C:\Users\Admin\AppData\Local\Temp\4f7036c4e9f9908a8236e7d6b375cd5b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\ADE119 C:\Users\Admin\AppData\Local\Temp\4f7036c4e9f9908a8236e7d6b375cd5b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\9E3B3C C:\Users\Admin\AppData\Local\Temp\4f7036c4e9f9908a8236e7d6b375cd5b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\C021A2 C:\Users\Admin\AppData\Local\Temp\4f7036c4e9f9908a8236e7d6b375cd5b_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ADE119\E37CC5.EXE C:\Users\Admin\AppData\Local\Temp\4f7036c4e9f9908a8236e7d6b375cd5b_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\pdffile_8.ico C:\Windows\explorer.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\ADE119\E37CC5.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\NavBar = 000000000000000000000000000000008b000000870000003153505305d5cdd59c2e1b10939708002b2cf9ae6b0000005a000000007b00360044003800420042003300440033002d0039004400380037002d0034004100390031002d0041004200350036002d003400460033003000430046004600450046004500390046007d005f0057006900640074006800000013000000f00000000000000000000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell C:\Windows\explorer.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4f7036c4e9f9908a8236e7d6b375cd5b_JaffaCakes118.exe N/A
N/A N/A C:\Windows\SysWOW64\ADE119\E37CC5.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 352 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\4f7036c4e9f9908a8236e7d6b375cd5b_JaffaCakes118.exe C:\Windows\SysWOW64\explorer.exe
PID 352 wrote to memory of 1244 N/A C:\Users\Admin\AppData\Local\Temp\4f7036c4e9f9908a8236e7d6b375cd5b_JaffaCakes118.exe C:\Windows\SysWOW64\ADE119\E37CC5.EXE
PID 1244 wrote to memory of 2648 N/A C:\Windows\SysWOW64\ADE119\E37CC5.EXE C:\Windows\SysWOW64\explorer.exe
PID 1244 wrote to memory of 2752 N/A C:\Windows\SysWOW64\ADE119\E37CC5.EXE C:\Windows\SysWOW64\ADE119\E37CC5.EXE
PID 2752 wrote to memory of 2584 N/A C:\Windows\SysWOW64\ADE119\E37CC5.EXE C:\Windows\SysWOW64\explorer.exe
PID 2752 wrote to memory of 2776 N/A C:\Windows\SysWOW64\ADE119\E37CC5.EXE C:\Windows\SysWOW64\ADE119\E37CC5.EXE
PID 2776 wrote to memory of 2716 N/A C:\Windows\SysWOW64\ADE119\E37CC5.EXE C:\Windows\SysWOW64\explorer.exe
PID 2776 wrote to memory of 1976 N/A C:\Windows\SysWOW64\ADE119\E37CC5.EXE C:\Windows\SysWOW64\ADE119\E37CC5.EXE
PID 1976 wrote to memory of 2952 N/A C:\Windows\SysWOW64\ADE119\E37CC5.EXE C:\Windows\SysWOW64\explorer.exe
PID 1976 wrote to memory of 1980 N/A C:\Windows\SysWOW64\ADE119\E37CC5.EXE C:\Windows\SysWOW64\ADE119\E37CC5.EXE
PID 1980 wrote to memory of 2120 N/A C:\Windows\SysWOW64\ADE119\E37CC5.EXE C:\Windows\SysWOW64\explorer.exe
PID 1980 wrote to memory of 288 N/A C:\Windows\SysWOW64\ADE119\E37CC5.EXE C:\Windows\SysWOW64\ADE119\E37CC5.EXE
PID 288 wrote to memory of 1032 N/A C:\Windows\SysWOW64\ADE119\E37CC5.EXE C:\Windows\SysWOW64\ADE119\E37CC5.EXE
PID 288 wrote to memory of 624 N/A C:\Windows\SysWOW64\ADE119\E37CC5.EXE C:\Windows\SysWOW64\ADE119\E37CC5.EXE
PID 624 wrote to memory of 2324 N/A C:\Windows\SysWOW64\ADE119\E37CC5.EXE C:\Windows\SysWOW64\explorer.exe
PID 624 wrote to memory of 2148 N/A C:\Windows\SysWOW64\ADE119\E37CC5.EXE C:\Windows\SysWOW64\ADE119\E37CC5.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\4f7036c4e9f9908a8236e7d6b375cd5b_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4f7036c4e9f9908a8236e7d6b375cd5b_JaffaCakes118.exe"

C:\Windows\SysWOW64\explorer.exe

explorer C:\Users\Admin\AppData\Local\Temp\4f7036c4e9f9908a8236e7d6b375cd5b_JaffaCakes118

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

Network

N/A

Files

memory/352-0-0x0000000000400000-0x000000000043E000-memory.dmp

\Users\Admin\AppData\Local\Temp\E_4\krnln.fnr

MD5 d627c45ca4400f1f6b637316153006de
SHA1 8577f00d70659febda48ea0d7de6de004e107f3a
SHA256 70fc9346af1a9063e632468838059532348db6f466e3b99c7f6985ba0eed3ba6
SHA512 fba654b3ae01fb85d64f1189dc9645074e1f3ce724b6104b10df6dff4f55fd381ccff90763e1628ebbc8e270e34247f7bf10490765ea6bafa6b4c37964b58874

memory/352-11-0x0000000010000000-0x000000001011C000-memory.dmp

\Users\Admin\AppData\Local\Temp\E_4\com.run

MD5 1efcd4efe04ec27a5d347cec716623f7
SHA1 50af11cd60a2a29ed3f70bb9eaff2a7373e77855
SHA256 47d4cfb9858e3f2db6cfd8683a73064ab6a7717c6c54e9556ac06c15bd4d0b98
SHA512 668e4457ac5fd250c80996f682b64820c1565e191d031c10bbb6c7909ac7870d644c4a7d4fde655cecee7dee205039ddd677faf437b77bdf77689494b6587c00

\Users\Admin\AppData\Local\Temp\E_4\shell.fne

MD5 43cfb3234b1c5a3a992471cab87fd03b
SHA1 02875bcdcc9d29a063f2d6848839c9edba980498
SHA256 e05e9a3013cea90dfaae22792171dc0d4fe23a29dabc73d30569cfb1aec20d0d
SHA512 70459802c7de41b28e45a83ce4e0fa4155d781e8ea9606f2d7b5e18bf41d839bf5e9842b4ee02077a5928d086a572880dac0b844c551ac2453866ae9c90afdc5

\Users\Admin\AppData\Local\Temp\E_4\dp1.fne

MD5 2bea864617a808eb89b0cbe7a71c36d5
SHA1 a7d25b584bfb97b596fb049d74ef1ecf36833dca
SHA256 7f8fe538d117f1a0822cf9ae3c0ec75ad0d2382e276ca4b5a3d1b9ae0c8846e3
SHA512 32befdd42623558f03622b1647122308da96a37127c5509fda763ad210bbaf668a3a2ed059aa220ea10d8b7f72107b6d15a8f22669e4e0a4c8adf6f637a4cc3d

\Windows\SysWOW64\ADE119\E37CC5.EXE

MD5 4f7036c4e9f9908a8236e7d6b375cd5b
SHA1 04763a9de555b49e6395402045bab7f65cf31e26
SHA256 ddb527fa24d05933be035b41451bff51537281ba5d014c1c1fbe98d82bd40da9
SHA512 7dfa4356abc0639daf96be7893d071e97e1220117e0a42eab3406f789aafa03af653dc0d758fd26c5cc0fe9b2b9df18784625ae1a4d1f79a802ca5747fc547d2

C:\Users\Admin\AppData\Local\Temp\E_4\RegEx.fnr

MD5 c8ee51a46296e396d4822f09eb9ed93f
SHA1 476c6f8176d910960698da7b5afe3c5e89f4fd98
SHA256 2e54f3fa93507f0e3a825d913c147bd646ccd8684eba788eca9cc795c56ecc9c
SHA512 bcfe1192e0397342b2bd462ccff78894286a4e4fc4275a1c91dceca91f318c5c0d48d7e6a3e55bf67216f7189750bd30201b75f5def5c742b2a21700df26f0fc

C:\Users\Admin\AppData\Local\Temp\E_4\spec.fne

MD5 e1adaec35e5e06073844b55ea8ed42e3
SHA1 5d8097adc257207e9c3465c3de3d9cc7f3b73b7c
SHA256 56de11959e7b195cb17166b1cb62fdfcea8f02b0b54f17287e6722d03002dcb5
SHA512 c9dcde2e326b18d322989fe3a181d272e42ddd287c475595a94badaa44a812ed10910983ee24cbbc8c761b81af082c5997c92d148474cdc70d5740ca450417e7

C:\Users\Admin\AppData\Local\Temp\E_4\internet.fne

MD5 726d6d25d017ed37e60d2b7fe73fefb2
SHA1 b891331a0fe23d1dddd135e5329048a4890870ee
SHA256 2a3b8358245e618a0de8cc43e96f993f841238bfd49f72cb092e717b707c3bdc
SHA512 ee6ceae7f438347c317a828834b23507740012604276e6a88159ad07c74822bad0621e2dc78160e04afecccd1e1b2b2e6d86d650ad6a36a858114a59be10df9d

C:\Users\Admin\AppData\Local\Temp\E_4\eAPI.fne

MD5 3bf9186e17b8bd593fd6f325b5b56df9
SHA1 473e42586cf6a6c7c82815f340e88db63cde3cd5
SHA256 2dafd7252612582851c75c6ce6f0436c6013c23e313a22e22b6348d7d095e00c
SHA512 46f09b3623025d54ea0c474f4a881572ebaf3450d83dc0d7ef467e157e5bc6ecf507175244934e694670fefc7a6402969e5911d511bcc365e7912e834d0c4d76

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 22:47

Reported

2024-10-16 22:50

Platform

win10v2004-20241007-en

Max time kernel

6s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4f7036c4e9f9908a8236e7d6b375cd5b_JaffaCakes118.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4f7036c4e9f9908a8236e7d6b375cd5b_JaffaCakes118.exe N/A
N/A N/A C:\Windows\SysWOW64\ADE119\E37CC5.EXE N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Windows\SysWOW64\ADE119\E37CC5.EXE N/A
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\4f7036c4e9f9908a8236e7d6b375cd5b_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\ADE119\E37CC5.EXE C:\Users\Admin\AppData\Local\Temp\4f7036c4e9f9908a8236e7d6b375cd5b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\ADE119 C:\Users\Admin\AppData\Local\Temp\4f7036c4e9f9908a8236e7d6b375cd5b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\9E3B3C C:\Users\Admin\AppData\Local\Temp\4f7036c4e9f9908a8236e7d6b375cd5b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\C021A2 C:\Users\Admin\AppData\Local\Temp\4f7036c4e9f9908a8236e7d6b375cd5b_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ADE119\E37CC5.EXE C:\Users\Admin\AppData\Local\Temp\4f7036c4e9f9908a8236e7d6b375cd5b_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\ADE119\E37CC5.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\4f7036c4e9f9908a8236e7d6b375cd5b_JaffaCakes118.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\NavBar = 000000000000000000000000000000008b000000870000003153505305d5cdd59c2e1b10939708002b2cf9ae6b0000005a000000007b00360044003800420042003300440033002d0039004400380037002d0034004100390031002d0041004200350036002d003400460033003000430046004600450046004500390046007d005f0057006900640074006800000013000000cc0000000000000000000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 C:\Windows\explorer.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4f7036c4e9f9908a8236e7d6b375cd5b_JaffaCakes118.exe N/A
N/A N/A C:\Windows\SysWOW64\ADE119\E37CC5.EXE N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1440 wrote to memory of 3952 N/A C:\Users\Admin\AppData\Local\Temp\4f7036c4e9f9908a8236e7d6b375cd5b_JaffaCakes118.exe C:\Windows\SysWOW64\explorer.exe
PID 1440 wrote to memory of 3896 N/A C:\Users\Admin\AppData\Local\Temp\4f7036c4e9f9908a8236e7d6b375cd5b_JaffaCakes118.exe C:\Windows\SysWOW64\ADE119\E37CC5.EXE
PID 3896 wrote to memory of 752 N/A C:\Windows\SysWOW64\ADE119\E37CC5.EXE C:\Windows\SysWOW64\explorer.exe
PID 3896 wrote to memory of 2660 N/A C:\Windows\SysWOW64\ADE119\E37CC5.EXE C:\Windows\SysWOW64\ADE119\E37CC5.EXE
PID 2660 wrote to memory of 2516 N/A C:\Windows\SysWOW64\ADE119\E37CC5.EXE C:\Windows\SysWOW64\explorer.exe
PID 2660 wrote to memory of 3020 N/A C:\Windows\SysWOW64\ADE119\E37CC5.EXE C:\Windows\SysWOW64\ADE119\E37CC5.EXE
PID 3020 wrote to memory of 1588 N/A C:\Windows\SysWOW64\ADE119\E37CC5.EXE C:\Windows\SysWOW64\explorer.exe
PID 3020 wrote to memory of 3804 N/A C:\Windows\SysWOW64\ADE119\E37CC5.EXE C:\Windows\SysWOW64\ADE119\E37CC5.EXE
PID 3804 wrote to memory of 224 N/A C:\Windows\SysWOW64\ADE119\E37CC5.EXE C:\Windows\SysWOW64\explorer.exe
PID 3804 wrote to memory of 3088 N/A C:\Windows\SysWOW64\ADE119\E37CC5.EXE C:\Windows\SysWOW64\ADE119\E37CC5.EXE
PID 3088 wrote to memory of 4976 N/A C:\Windows\SysWOW64\ADE119\E37CC5.EXE C:\Windows\SysWOW64\ADE119\E37CC5.EXE
PID 3088 wrote to memory of 2976 N/A C:\Windows\SysWOW64\ADE119\E37CC5.EXE C:\Windows\SysWOW64\ADE119\E37CC5.EXE
PID 2976 wrote to memory of 1788 N/A C:\Windows\SysWOW64\ADE119\E37CC5.EXE C:\Windows\SysWOW64\explorer.exe
PID 2976 wrote to memory of 2312 N/A C:\Windows\SysWOW64\ADE119\E37CC5.EXE C:\Windows\SysWOW64\ADE119\E37CC5.EXE
PID 2312 wrote to memory of 1628 N/A C:\Windows\SysWOW64\ADE119\E37CC5.EXE C:\Windows\SysWOW64\explorer.exe
PID 2312 wrote to memory of 4196 N/A C:\Windows\SysWOW64\ADE119\E37CC5.EXE C:\Windows\SysWOW64\ADE119\E37CC5.EXE
PID 4196 wrote to memory of 4980 N/A C:\Windows\SysWOW64\ADE119\E37CC5.EXE C:\Windows\SysWOW64\explorer.exe
PID 4196 wrote to memory of 660 N/A C:\Windows\SysWOW64\ADE119\E37CC5.EXE C:\Windows\SysWOW64\ADE119\E37CC5.EXE
PID 660 wrote to memory of 1332 N/A C:\Windows\SysWOW64\ADE119\E37CC5.EXE C:\Windows\SysWOW64\explorer.exe

Processes

C:\Users\Admin\AppData\Local\Temp\4f7036c4e9f9908a8236e7d6b375cd5b_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4f7036c4e9f9908a8236e7d6b375cd5b_JaffaCakes118.exe"

C:\Windows\SysWOW64\explorer.exe

explorer C:\Users\Admin\AppData\Local\Temp\4f7036c4e9f9908a8236e7d6b375cd5b_JaffaCakes118

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Windows\system32\ADE119\E37CC5.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\explorer.exe

explorer C:\Windows\SysWOW64\ADE119\E37CC5

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

Network

Files

C:\Users\Admin\AppData\Local\Temp\E_4\krnln.fnr

C:\Users\Admin\AppData\Local\Temp\E_4\com.run

C:\Users\Admin\AppData\Local\Temp\E_4\shell.fne

C:\Users\Admin\AppData\Local\Temp\E_4\dp1.fne

C:\Windows\SysWOW64\ADE119\E37CC5.EXE

C:\Users\Admin\AppData\Local\Temp\E_4\RegEx.fnr

C:\Users\Admin\AppData\Local\Temp\E_4\spec.fne

C:\Users\Admin\AppData\Local\Temp\E_4\internet.fne

C:\Users\Admin\AppData\Local\Temp\E_4\eAPI.fne
