Malware Analysis Report

2025-01-02 02:47

Sample ID 240718-r5zl4awemh
Target 57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118
SHA256 e00905ea366cb3bab0ed0d5cac3a3b2fac8be857477cd12e0888ceb778e51ddd
Tags
xtremerat evasion persistence rat spyware
score
10/10

Analysis Overview

score
10/10

SHA256

e00905ea366cb3bab0ed0d5cac3a3b2fac8be857477cd12e0888ceb778e51ddd

Threat Level: Known bad

The file 57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xtremerat evasion persistence rat spyware

Detect XtremeRAT payload

XtremeRAT

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Boot or Logon Autostart Execution: Active Setup

Checks computer location settings

Identifies Wine through registry keys

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

Enumerates physical storage devices

Unsigned PE

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-18 14:47

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-18 14:47

Reported

2024-07-18 14:49

Platform

win7-20240708-en

Max time kernel

150s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe"

Signatures

Detect XtremeRAT payload

Description Indicator Process Target
N/A N/A N/A N/A

XtremeRAT

persistence spyware rat xtremerat

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe N/A

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{U26Y3RL8-7V25-1E0S-S40X-5O6O20TO3XRP} C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{U26Y3RL8-7V25-1E0S-S40X-5O6O20TO3XRP}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\Winrar\\Winrar.exe restart" C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{U26Y3RL8-7V25-1E0S-S40X-5O6O20TO3XRP}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\Winrar\\Winrar.exe restart" C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{U26Y3RL8-7V25-1E0S-S40X-5O6O20TO3XRP}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\Winrar\\Winrar.exe restart" C:\Windows\SysWOW64\svchost.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Wine C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Wine C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Wine C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Wine C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Wine C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Wine C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Wine C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Wine C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Wine C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Wine C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Wine C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Wine C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Wine C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Wine C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Wine C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\Winrar\\Winrar.exe" C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\Winrar\\Winrar.exe" C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\Winrar\\Winrar.exe" C:\Windows\SysWOW64\svchost.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\Winrar\\Winrar.exe" C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\Winrar\\Winrar.exe" C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 2652 set thread context of 2300 N/A C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe
PID 3048 set thread context of 2156 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 2760 set thread context of 2492 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 2756 set thread context of 2096 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 1060 set thread context of 1756 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 1640 set thread context of 2328 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 2128 set thread context of 696 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 2544 set thread context of 2744 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 1308 set thread context of 2976 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 576 set thread context of 1640 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 948 set thread context of 960 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 2660 set thread context of 2776 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 484 set thread context of 3012 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 2360 set thread context of 2484 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 1740 set thread context of 644 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 948 set thread context of 236 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 2524 set thread context of 1380 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 408 set thread context of 3056 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 3008 set thread context of 2032 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 1304 set thread context of 932 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 1640 set thread context of 1680 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 2824 set thread context of 1628 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 2432 set thread context of 3100 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 2876 set thread context of 3184 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 3364 set thread context of 3524 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 3548 set thread context of 3712 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 3768 set thread context of 3908 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 4016 set thread context of 848 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 3092 set thread context of 3148 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 2960 set thread context of 3456 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 3540 set thread context of 3668 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 3800 set thread context of 2456 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 3824 set thread context of 2168 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 2328 set thread context of 2116 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 3532 set thread context of 4020 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 2056 set thread context of 3744 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 3680 set thread context of 2000 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 3164 set thread context of 2456 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 3604 set thread context of 1656 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 3996 set thread context of 3016 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 848 set thread context of 3636 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 3088 set thread context of 3164 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 2112 set thread context of 848 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 3928 set thread context of 3996 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 3144 set thread context of 3864 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 4080 set thread context of 4152 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 4172 set thread context of 4472 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 4196 set thread context of 4512 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 4520 set thread context of 4712 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 4788 set thread context of 4936 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 5032 set thread context of 4176 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 2188 set thread context of 4288 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 4492 set thread context of 4516 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 4672 set thread context of 4868 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 4224 set thread context of 4248 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 4296 set thread context of 5064 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 4616 set thread context of 4316 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 4268 set thread context of 4348 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 5096 set thread context of 4920 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 4296 set thread context of 1124 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 3460 set thread context of 1028 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 4832 set thread context of 5100 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 4724 set thread context of 4812 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 2876 set thread context of 5172 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2652 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe
PID 2300 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe C:\Windows\SysWOW64\svchost.exe
PID 2300 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2300 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2300 wrote to memory of 808 N/A C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2300 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2300 wrote to memory of 2232 N/A C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2300 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2300 wrote to memory of 2276 N/A C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2300 wrote to memory of 2064 N/A C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2300 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 3048 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

Processes

C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe"

C:\Windows\SysWOW64\svchost.exe

svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"


C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

Network

N/A

Files

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

MD5 57d3f7529a5839dde7f8b7cc16681bc2
SHA1 efc16c86fc9fc3c9b0d3677e9d9c0d28b34b7115
SHA256 e00905ea366cb3bab0ed0d5cac3a3b2fac8be857477cd12e0888ceb778e51ddd
SHA512 980ef29568044993b3e1c6c8e3f531325c691befd1936851c1945c15aadce82d87caefe8d1273cd54b6781792d734f86a753bfdc507c05282389fb7a9eb12350

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\XY53cGu73.cfg

MD5 9437d4af2cf75e0c17d40925479075dd
SHA1 4fea688090d756e07f22e129a5180f254d99d2f2
SHA256 bb1fd08583008d3d2a5216919f2c3b7854628e74c20999361674463ad364f29a
SHA512 adee95b1c77019513902f36cc973cc591d4bbbae3641d08a8aa9d2a35d34b88574dc2d307c115c9201e245059011b8d46f5f887d99a0181057147815cbb8ab95

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-18 14:47

Reported

2024-07-18 14:49

Platform

win10v2004-20240709-en

Max time kernel

150s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe"

Signatures

Detect XtremeRAT payload

Description Indicator Process Target
N/A N/A N/A N/A

XtremeRAT

persistence spyware rat xtremerat

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe N/A

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{U26Y3RL8-7V25-1E0S-S40X-5O6O20TO3XRP} C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{U26Y3RL8-7V25-1E0S-S40X-5O6O20TO3XRP}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\Winrar\\Winrar.exe restart" C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{U26Y3RL8-7V25-1E0S-S40X-5O6O20TO3XRP} C:\Windows\SysWOW64\svchost.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Software\Wine C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\Winrar\\Winrar.exe" C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\Winrar\\Winrar.exe" C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\Winrar\\Winrar.exe" C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 4068 set thread context of 1004 N/A C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe
PID 2776 set thread context of 1500 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 5016 set thread context of 4228 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 3052 set thread context of 4272 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 4028 set thread context of 4960 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 2172 set thread context of 2008 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 4836 set thread context of 4472 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 2360 set thread context of 2744 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 4872 set thread context of 972 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 4116 set thread context of 4216 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 2036 set thread context of 1476 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 3272 set thread context of 1420 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 668 set thread context of 4504 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 3768 set thread context of 3656 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 4440 set thread context of 4676 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 4036 set thread context of 2572 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 456 set thread context of 2496 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 776 set thread context of 2808 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 5104 set thread context of 2292 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 860 set thread context of 1332 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 3656 set thread context of 3384 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 4572 set thread context of 5232 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 1676 set thread context of 5272 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 5352 set thread context of 5488 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 5592 set thread context of 5736 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 5848 set thread context of 5988 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 6060 set thread context of 1740 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 5244 set thread context of 5080 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 5384 set thread context of 5744 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 5688 set thread context of 5892 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 6032 set thread context of 5312 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 5752 set thread context of 5388 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 5624 set thread context of 5724 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 3384 set thread context of 5896 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 5992 set thread context of 4332 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 5008 set thread context of 5420 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 5688 set thread context of 2340 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 3244 set thread context of 6004 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 5396 set thread context of 5696 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 2356 set thread context of 60 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 6040 set thread context of 5128 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 5008 set thread context of 5440 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 5668 set thread context of 5280 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 5160 set thread context of 2868 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 6040 set thread context of 6196 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 3548 set thread context of 6232 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 6356 set thread context of 6608 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 6324 set thread context of 6600 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 6792 set thread context of 6936 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 6980 set thread context of 7136 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 6132 set thread context of 5156 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 6284 set thread context of 6516 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 6388 set thread context of 6324 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 7020 set thread context of 5432 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 6564 set thread context of 464 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 6660 set thread context of 5216 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 5168 set thread context of 5128 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 6448 set thread context of 5776 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 7132 set thread context of 6400 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 6696 set thread context of 6364 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 6492 set thread context of 7064 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 6188 set thread context of 6392 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 6520 set thread context of 6456 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 6408 set thread context of 4392 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4068 wrote to memory of 1004 N/A C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe
PID 1004 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe C:\Windows\SysWOW64\svchost.exe
PID 1004 wrote to memory of 2364 N/A C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 3904 N/A C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 4168 N/A C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 4976 N/A C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 3700 N/A C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 1560 N/A C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 1832 N/A C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 2776 wrote to memory of 1500 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe
PID 1500 wrote to memory of 4312 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1500 wrote to memory of 1396 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1500 wrote to memory of 3572 N/A C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\57d3f7529a5839dde7f8b7cc16681bc2_JaffaCakes118.exe"

C:\Windows\SysWOW64\svchost.exe

svchost.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

"C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 45.19.74.20.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 147.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 138.201.86.20.in-addr.arpa udp

Files


C:\Users\Admin\AppData\Roaming\Winrar\Winrar.exe

MD5 57d3f7529a5839dde7f8b7cc16681bc2
SHA1 efc16c86fc9fc3c9b0d3677e9d9c0d28b34b7115
SHA256 e00905ea366cb3bab0ed0d5cac3a3b2fac8be857477cd12e0888ceb778e51ddd
SHA512 980ef29568044993b3e1c6c8e3f531325c691befd1936851c1945c15aadce82d87caefe8d1273cd54b6781792d734f86a753bfdc507c05282389fb7a9eb12350


C:\Users\Admin\AppData\Roaming\Microsoft\Windows\XY53cGu73.cfg

MD5 9437d4af2cf75e0c17d40925479075dd
SHA1 4fea688090d756e07f22e129a5180f254d99d2f2
SHA256 bb1fd08583008d3d2a5216919f2c3b7854628e74c20999361674463ad364f29a
SHA512 adee95b1c77019513902f36cc973cc591d4bbbae3641d08a8aa9d2a35d34b88574dc2d307c115c9201e245059011b8d46f5f887d99a0181057147815cbb8ab95
