Malware Analysis Report

2025-01-02 02:38

Sample ID 240718-vmsyda1ekc
Target 584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118
SHA256 1003f7e89b991f70994c9f1701f53b584819d5bf5510fc377b8a5cdc721e9cef
Tags xtremerat persistence rat spyware
Score 10/10

Analysis Overview

Threat Level: Known bad

The file 584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xtremerat persistence rat spyware

XtremeRAT

Detect XtremeRAT payload

Boot or Logon Autostart Execution: Active Setup

Loads dropped DLL

Checks computer location settings

Executes dropped EXE

Adds Run key to start application

Drops file in System32 directory

Suspicious use of SetThreadContext

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious use of SetWindowsHookEx

Analysis: static1

Detonation Overview

Reported

2024-07-18 17:06

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-18 17:06

Reported

2024-07-18 17:09

Platform

win7-20240704-en

Max time kernel

138s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe"

Signatures

Detect XtremeRAT payload

Description Indicator Process Target
N/A N/A N/A N/A

XtremeRAT

persistence spyware rat xtremerat

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB5108-E32B79832EB2}\StubPath = "C:\\Windows\\system32\\msn\\msn.exe" C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB5108-E32B79832EB2} C:\Users\Admin\AppData\Roaming\msn\msn.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB5108-E32B79832EB2} N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB5108-E32B79832EB2}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\msn\\msn.exe restart" C:\Users\Admin\AppData\Roaming\msn\msn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB5108-E32B79832EB2}\StubPath = "C:\\Windows\\SysWOW64\\msn\\msn.exe restart" N/A N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB5108-E32B79832EB2} C:\Windows\SysWOW64\msn\msn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB5108-E32B79832EB2}\StubPath = "C:\\Windows\\SysWOW64\\msn\\msn.exe restart" C:\Windows\SysWOW64\msn\msn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB5108-E32B79832EB2}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\msn\\msn.exe restart" N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\msn\msn.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\msn\msn.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe N/A
N/A N/A C:\Windows\SysWOW64\msn\msn.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLMh = "C:\\Users\\Admin\\AppData\\Roaming\\msn\\msn.exe" C:\Users\Admin\AppData\Roaming\msn\msn.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCUk = "C:\\Windows\\SysWOW64\\msn\\msn.exe" N/A N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCUk = "C:\\Windows\\SysWOW64\\msn\\msn.exe" C:\Windows\SysWOW64\msn\msn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLMh = "C:\\Windows\\SysWOW64\\msn\\msn.exe" C:\Windows\SysWOW64\msn\msn.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCUk = "C:\\Users\\Admin\\AppData\\Roaming\\msn\\msn.exe" C:\Users\Admin\AppData\Roaming\msn\msn.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCUk = "C:\\Users\\Admin\\AppData\\Roaming\\msn\\msn.exe" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLMh = "C:\\Windows\\SysWOW64\\msn\\msn.exe" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLMh = "C:\\Users\\Admin\\AppData\\Roaming\\msn\\msn.exe" N/A N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCUk = "C:\\Users\\Admin\\AppData\\Roaming\\msn\\msn.exe" C:\Windows\SysWOW64\msn\msn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLMh = "C:\\Users\\Admin\\AppData\\Roaming\\msn\\msn.exe" C:\Windows\SysWOW64\msn\msn.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe N/A
File created C:\Windows\SysWOW64\msn\msn.exe C:\Users\Admin\AppData\Roaming\msn\msn.exe N/A
File created C:\Windows\SysWOW64\msn\msn.exe N/A N/A
File opened for modification C:\Windows\SysWOW64\msn\msn.exe C:\Users\Admin\AppData\Roaming\msn\msn.exe N/A
File opened for modification C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe N/A
File opened for modification C:\Windows\SysWOW64\msn\msn.exe N/A N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 2848 set thread context of 2616 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe
PID 764 set thread context of 708 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 2152 set thread context of 2172 N/A C:\Users\Admin\AppData\Roaming\msn\msn.exe C:\Users\Admin\AppData\Roaming\msn\msn.exe
PID 2928 set thread context of 2312 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 2448 set thread context of 2476 N/A C:\Users\Admin\AppData\Roaming\msn\msn.exe C:\Users\Admin\AppData\Roaming\msn\msn.exe
PID 1628 set thread context of 824 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 1804 set thread context of 3004 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 1652 set thread context of 3060 N/A C:\Users\Admin\AppData\Roaming\msn\msn.exe C:\Users\Admin\AppData\Roaming\msn\msn.exe
PID 2360 set thread context of 2724 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 1240 set thread context of 1576 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 1740 set thread context of 3008 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 1120 set thread context of 708 N/A C:\Users\Admin\AppData\Roaming\msn\msn.exe C:\Users\Admin\AppData\Roaming\msn\msn.exe
PID 2960 set thread context of 1620 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 2820 set thread context of 2124 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 2332 set thread context of 2132 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 1956 set thread context of 2072 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 2880 set thread context of 2972 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 2824 set thread context of 3012 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 1512 set thread context of 1488 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 2116 set thread context of 2680 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 2128 set thread context of 2808 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 2188 set thread context of 2640 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 2848 set thread context of 2068 N/A C:\Users\Admin\AppData\Roaming\msn\msn.exe C:\Users\Admin\AppData\Roaming\msn\msn.exe
PID 2188 set thread context of 3012 N/A C:\Users\Admin\AppData\Roaming\msn\msn.exe C:\Users\Admin\AppData\Roaming\msn\msn.exe
PID 872 set thread context of 3132 N/A C:\Users\Admin\AppData\Roaming\msn\msn.exe C:\Users\Admin\AppData\Roaming\msn\msn.exe
PID 3124 set thread context of 3256 N/A C:\Users\Admin\AppData\Roaming\msn\msn.exe C:\Users\Admin\AppData\Roaming\msn\msn.exe
PID 3200 set thread context of 3280 N/A C:\Users\Admin\AppData\Roaming\msn\msn.exe C:\Users\Admin\AppData\Roaming\msn\msn.exe
PID 3636 set thread context of 3684 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 3644 set thread context of 3728 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 3832 set thread context of 3888 N/A C:\Users\Admin\AppData\Roaming\msn\msn.exe C:\Users\Admin\AppData\Roaming\msn\msn.exe
PID 3824 set thread context of 3896 N/A C:\Users\Admin\AppData\Roaming\msn\msn.exe C:\Users\Admin\AppData\Roaming\msn\msn.exe
PID 3880 set thread context of 4028 N/A C:\Users\Admin\AppData\Roaming\msn\msn.exe C:\Users\Admin\AppData\Roaming\msn\msn.exe
PID 4012 set thread context of 2004 N/A C:\Users\Admin\AppData\Roaming\msn\msn.exe C:\Users\Admin\AppData\Roaming\msn\msn.exe
PID 4068 set thread context of 3148 N/A C:\Users\Admin\AppData\Roaming\msn\msn.exe C:\Users\Admin\AppData\Roaming\msn\msn.exe
PID 3800 set thread context of 3876 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 3736 set thread context of 3908 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 3856 set thread context of 3256 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 4024 set thread context of 3008 N/A C:\Users\Admin\AppData\Roaming\msn\msn.exe C:\Users\Admin\AppData\Roaming\msn\msn.exe
PID 4012 set thread context of 3804 N/A C:\Users\Admin\AppData\Roaming\msn\msn.exe C:\Users\Admin\AppData\Roaming\msn\msn.exe
PID 3132 set thread context of 3980 N/A C:\Users\Admin\AppData\Roaming\msn\msn.exe C:\Users\Admin\AppData\Roaming\msn\msn.exe
PID 3836 set thread context of 3760 N/A C:\Users\Admin\AppData\Roaming\msn\msn.exe C:\Users\Admin\AppData\Roaming\msn\msn.exe
PID 4248 set thread context of 4308 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 4272 set thread context of 4372 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 4232 set thread context of 4388 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 4316 set thread context of 4496 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 4448 set thread context of 4584 N/A C:\Users\Admin\AppData\Roaming\msn\msn.exe C:\Users\Admin\AppData\Roaming\msn\msn.exe
PID 4568 set thread context of 4648 N/A C:\Users\Admin\AppData\Roaming\msn\msn.exe C:\Users\Admin\AppData\Roaming\msn\msn.exe
PID 4764 set thread context of 4816 N/A C:\Users\Admin\AppData\Roaming\msn\msn.exe C:\Users\Admin\AppData\Roaming\msn\msn.exe
PID 4752 set thread context of 4836 N/A C:\Users\Admin\AppData\Roaming\msn\msn.exe C:\Users\Admin\AppData\Roaming\msn\msn.exe
PID 4340 set thread context of 4320 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 4348 set thread context of 3952 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 4472 set thread context of 3732 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 4564 set thread context of 4084 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 3008 set thread context of 4724 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 4696 set thread context of 4408 N/A C:\Users\Admin\AppData\Roaming\msn\msn.exe C:\Users\Admin\AppData\Roaming\msn\msn.exe
PID 4848 set thread context of 4444 N/A C:\Users\Admin\AppData\Roaming\msn\msn.exe C:\Users\Admin\AppData\Roaming\msn\msn.exe
PID 3112 set thread context of 4764 N/A C:\Users\Admin\AppData\Roaming\msn\msn.exe C:\Users\Admin\AppData\Roaming\msn\msn.exe
PID 4352 set thread context of 4372 N/A C:\Users\Admin\AppData\Roaming\msn\msn.exe C:\Users\Admin\AppData\Roaming\msn\msn.exe
PID 5292 set thread context of 5388 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 5312 set thread context of 5404 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 5380 set thread context of 5516 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 5440 set thread context of 5572 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 5536 set thread context of 5724 N/A C:\Users\Admin\AppData\Roaming\msn\msn.exe C:\Users\Admin\AppData\Roaming\msn\msn.exe
PID 5644 set thread context of 5716 N/A C:\Users\Admin\AppData\Roaming\msn\msn.exe C:\Users\Admin\AppData\Roaming\msn\msn.exe

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe N/A
N/A N/A C:\Windows\SysWOW64\msn\msn.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\msn\msn.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2848 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe
PID 2616 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Windows\SysWOW64\svchost.exe
PID 2616 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2616 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2616 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2616 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2616 wrote to memory of 1680 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2616 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2616 wrote to memory of 2216 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2616 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2616 wrote to memory of 764 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Windows\SysWOW64\msn\msn.exe
PID 764 wrote to memory of 708 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe

Processes

C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe"

C:\Windows\SysWOW64\svchost.exe

svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\system32\msn\msn.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\system32\msn\msn.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\system32\msn\msn.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\system32\msn\msn.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\system32\msn\msn.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\system32\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\system32\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\system32\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\system32\msn\msn.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\system32\msn\msn.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\system32\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\system32\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\system32\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\system32\msn\msn.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

Network

N/A

Files

C:\Windows\SysWOW64\msn\msn.exe

MD5 584e2ea9edb16ee433d34e54aa1a60a8
SHA1 4c13e894c6c3b9d1556505cfe77f82d4b6bb166f
SHA256 1003f7e89b991f70994c9f1701f53b584819d5bf5510fc377b8a5cdc721e9cef
SHA512 45ebe94426233b28a45fd428192724b2d4d1c5a156383d91b9486f019e3cee067675f539c9f8bdc59c7058674941b8b64de9ea77419b9eb7b57929828c30a91b

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\k1nERt.cfg

MD5 5f8e28435fdbdb28c38ba353dfc715ba
SHA1 3003280548e7cf84daafac929afdb85d194d553e
SHA256 23cf6335558da047e0df56b0edbb9106a6e6623a196c8fa42ceaee6fc66613c9
SHA512 9975a7a35cb49d9051a046d0ff04481d87df56270d4edbcd88bd4477c1f9a14deefa1693bd333cc2353c6e1f492c255e7d7eb5279a39dbcd45fa934563fc6ecc

\??\PIPE\srvsvc

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-18 17:06

Reported

2024-07-18 17:09

Platform

win10v2004-20240709-en

Max time kernel

148s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe"

Signatures

Detect XtremeRAT payload

Description Indicator Process Target
N/A N/A N/A N/A

XtremeRAT

persistence spyware rat xtremerat

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB5108-E32B79832EB2}\StubPath = "C:\\Windows\\system32\\msn\\msn.exe restart" C:\Users\Admin\AppData\Roaming\msn\msn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB5108-E32B79832EB2}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\msn\\msn.exe restart" C:\Windows\SysWOW64\msn\msn.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB5108-E32B79832EB2} C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB5108-E32B79832EB2} C:\Windows\SysWOW64\msn\msn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB5108-E32B79832EB2}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\msn\\msn.exe restart" C:\Windows\SysWOW64\msn\msn.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB5108-E32B79832EB2} C:\Windows\SysWOW64\msn\msn.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB5108-E32B79832EB2} C:\Windows\SysWOW64\msn\msn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB5108-E32B79832EB2}\StubPath = "C:\\Windows\\system32\\msn\\msn.exe" C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB5108-E32B79832EB2} C:\Users\Admin\AppData\Roaming\msn\msn.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB5108-E32B79832EB2} C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB5108-E32B79832EB2}\StubPath = "C:\\Windows\\system32\\msn\\msn.exe restart" C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB5108-E32B79832EB2} C:\Users\Admin\AppData\Roaming\msn\msn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB5108-E32B79832EB2}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\msn\\msn.exe restart" C:\Users\Admin\AppData\Roaming\msn\msn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB5108-E32B79832EB2}\StubPath = "C:\\Windows\\SysWOW64\\msn\\msn.exe restart" C:\Windows\SysWOW64\msn\msn.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\msn\msn.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\msn\msn.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\msn\msn.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCUk = "C:\\Windows\\SysWOW64\\msn\\msn.exe" C:\Windows\SysWOW64\msn\msn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLMh = "C:\\Windows\\system32\\msn\\msn.exe" C:\Users\Admin\AppData\Roaming\msn\msn.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCUk = "C:\\Windows\\system32\\msn\\msn.exe" C:\Users\Admin\AppData\Roaming\msn\msn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLMh = "C:\\Windows\\system32\\msn\\msn.exe" C:\Windows\SysWOW64\svchost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCUk = "C:\\Windows\\system32\\msn\\msn.exe" C:\Windows\SysWOW64\svchost.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLMh = "C:\\Windows\\system32\\msn\\msn.exe" C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCUk = "C:\\Windows\\system32\\msn\\msn.exe" C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLMh = "C:\\Users\\Admin\\AppData\\Roaming\\msn\\msn.exe" C:\Windows\SysWOW64\msn\msn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLMh = "C:\\Windows\\SysWOW64\\msn\\msn.exe" C:\Windows\SysWOW64\msn\msn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLMh = "C:\\Users\\Admin\\AppData\\Roaming\\msn\\msn.exe" C:\Windows\SysWOW64\msn\msn.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCUk = "C:\\Users\\Admin\\AppData\\Roaming\\msn\\msn.exe" C:\Windows\SysWOW64\msn\msn.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCUk = "C:\\Users\\Admin\\AppData\\Roaming\\msn\\msn.exe" C:\Users\Admin\AppData\Roaming\msn\msn.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCUk = "C:\\Users\\Admin\\AppData\\Roaming\\msn\\msn.exe" C:\Windows\SysWOW64\msn\msn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLMh = "C:\\Users\\Admin\\AppData\\Roaming\\msn\\msn.exe" C:\Users\Admin\AppData\Roaming\msn\msn.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\msn\msn.exe C:\Users\Admin\AppData\Roaming\msn\msn.exe N/A
File created C:\Windows\SysWOW64\msn\msn.exe C:\Users\Admin\AppData\Roaming\msn\msn.exe N/A
File created C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe N/A
File opened for modification C:\Windows\SysWOW64\msn\msn.exe C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe N/A
File opened for modification C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe N/A
File created C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe N/A
File opened for modification C:\Windows\SysWOW64\msn\msn.exe C:\Users\Admin\AppData\Roaming\msn\msn.exe N/A
File opened for modification C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe N/A
File created C:\Windows\SysWOW64\msn\msn.exe C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\msn\msn.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Roaming\msn\msn.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\msn\msn.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 632 wrote to memory of 3744 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe
PID 632 wrote to memory of 3744 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe
PID 632 wrote to memory of 3744 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe
PID 632 wrote to memory of 3744 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe
PID 632 wrote to memory of 3744 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe
PID 632 wrote to memory of 3744 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe
PID 632 wrote to memory of 3744 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe
PID 632 wrote to memory of 3744 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe
PID 632 wrote to memory of 3744 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe
PID 632 wrote to memory of 3744 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe
PID 632 wrote to memory of 3744 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe
PID 632 wrote to memory of 3744 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe
PID 632 wrote to memory of 3744 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe
PID 3744 wrote to memory of 5084 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Windows\SysWOW64\svchost.exe
PID 3744 wrote to memory of 5084 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Windows\SysWOW64\svchost.exe
PID 3744 wrote to memory of 5084 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Windows\SysWOW64\svchost.exe
PID 3744 wrote to memory of 2912 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 2912 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 2912 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 4176 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 4176 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 4176 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 2344 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 2344 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 2344 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 3652 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 3652 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 3652 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 1212 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 1212 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 1212 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 3716 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 3716 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 3716 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 5096 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 5096 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 3916 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Windows\SysWOW64\msn\msn.exe
PID 3744 wrote to memory of 3916 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Windows\SysWOW64\msn\msn.exe
PID 3744 wrote to memory of 3916 N/A C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe C:\Windows\SysWOW64\msn\msn.exe
PID 3916 wrote to memory of 5108 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 3916 wrote to memory of 5108 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 3916 wrote to memory of 5108 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 3916 wrote to memory of 5108 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 3916 wrote to memory of 5108 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 3916 wrote to memory of 5108 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 3916 wrote to memory of 5108 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 3916 wrote to memory of 5108 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 3916 wrote to memory of 5108 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 3916 wrote to memory of 5108 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 3916 wrote to memory of 5108 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 3916 wrote to memory of 5108 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 3916 wrote to memory of 5108 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\msn\msn.exe
PID 5108 wrote to memory of 2332 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\svchost.exe
PID 5108 wrote to memory of 2332 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\svchost.exe
PID 5108 wrote to memory of 2332 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Windows\SysWOW64\svchost.exe
PID 5108 wrote to memory of 3636 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5108 wrote to memory of 3636 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5108 wrote to memory of 3636 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5108 wrote to memory of 4456 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5108 wrote to memory of 4456 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5108 wrote to memory of 4456 N/A C:\Windows\SysWOW64\msn\msn.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe"

C:\Windows\SysWOW64\svchost.exe

svchost.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\system32\msn\msn.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Windows\SysWOW64\svchost.exe

svchost.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Windows\SysWOW64\svchost.exe

svchost.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\system32\msn\msn.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\system32\msn\msn.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Windows\SysWOW64\msn\msn.exe

"C:\Windows\SysWOW64\msn\msn.exe"

C:\Users\Admin\AppData\Roaming\msn\msn.exe

"C:\Users\Admin\AppData\Roaming\msn\msn.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 almoooot.myftp.org udp
US 8.8.8.8:53 almoooot.myftp.org udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 216.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 almoooot.myftp.org udp
US 8.8.8.8:53 almoooot.myftp.org udp
US 8.8.8.8:53 almoooot.myftp.org udp
US 8.8.8.8:53 almoooot.myftp.org udp
US 8.8.8.8:53 almoooot.myftp.org udp
US 8.8.8.8:53 almoooot.myftp.org udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 almoooot.myftp.org udp
US 8.8.8.8:53 almoooot.myftp.org udp
US 8.8.8.8:53 almoooot.myftp.org udp
US 8.8.8.8:53 almoooot.myftp.org udp
US 8.8.8.8:53 almoooot.myftp.org udp
US 8.8.8.8:53 almoooot.myftp.org udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 almoooot.myftp.org udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 almoooot.myftp.org udp
US 8.8.8.8:53 almoooot.myftp.org udp
US 8.8.8.8:53 almoooot.myftp.org udp
US 8.8.8.8:53 almoooot.myftp.org udp
US 8.8.8.8:53 almoooot.myftp.org udp
US 8.8.8.8:53 almoooot.myftp.org udp
US 8.8.8.8:53 almoooot.myftp.org udp
US 8.8.8.8:53 almoooot.myftp.org udp
US 8.8.8.8:53 almoooot.myftp.org udp
US 8.8.8.8:53 almoooot.myftp.org udp
US 8.8.8.8:53 154.141.79.40.in-addr.arpa udp

Files

C:\Windows\SysWOW64\msn\msn.exe

MD5 584e2ea9edb16ee433d34e54aa1a60a8
SHA1 4c13e894c6c3b9d1556505cfe77f82d4b6bb166f
SHA256 1003f7e89b991f70994c9f1701f53b584819d5bf5510fc377b8a5cdc721e9cef
SHA512 45ebe94426233b28a45fd428192724b2d4d1c5a156383d91b9486f019e3cee067675f539c9f8bdc59c7058674941b8b64de9ea77419b9eb7b57929828c30a91b

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\k1nERt.cfg

MD5 5f8e28435fdbdb28c38ba353dfc715ba
SHA1 3003280548e7cf84daafac929afdb85d194d553e
SHA256 23cf6335558da047e0df56b0edbb9106a6e6623a196c8fa42ceaee6fc66613c9
SHA512 9975a7a35cb49d9051a046d0ff04481d87df56270d4edbcd88bd4477c1f9a14deefa1693bd333cc2353c6e1f492c255e7d7eb5279a39dbcd45fa934563fc6ecc
