Malware Analysis Report

2025-06-16 01:04

Sample ID: 221123-sz6c5afg41
Target: 2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3
SHA256: 2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3
Tags: xtremerat persistence rat spyware
Score: 10/10

Analysis Overview

Score: 10/10

SHA256: 2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3

Threat Level: Known bad

The file 2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3 was found to be: Known bad.

Malicious Activity Summary

xtremerat persistence rat spyware

Xtremerat family

Detect XtremeRAT payload

XtremeRAT

Modifies Installed Components in the registry

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Drops file in Windows directory

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2022-11-23 15:34

Signatures

Detect XtremeRAT payload

Description Indicator Process Target
N/A N/A N/A N/A

Xtremerat family

xtremerat

Analysis: behavioral1

Detonation Overview

Submitted: 2022-11-23 15:34
Reported: 2022-11-23 16:50
Platform: win7-20221111-en
Max time kernel: 170s
Max time network: 33s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3.exe"

Signatures

Detect XtremeRAT payload

Description Indicator Process Target
N/A N/A N/A N/A

XtremeRAT

persistence spyware rat xtremerat

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{125F8TS8-M553-O7Q1-X716-3QV1O2S6RBN7}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{125F8TS8-M553-O7Q1-X716-3QV1O2S6RBN7} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{125F8TS8-M553-O7Q1-X716-3QV1O2S6RBN7}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Local\Temp\2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{125F8TS8-M553-O7Q1-X716-3QV1O2S6RBN7} C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{125F8TS8-M553-O7Q1-X716-3QV1O2S6RBN7} C:\Users\Admin\AppData\Local\Temp\2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{125F8TS8-M553-O7Q1-X716-3QV1O2S6RBN7}\StubPath = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\SysWOW64\svchost.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Windows\CurrentVersion\Run C:\Users\Admin\AppData\Local\Temp\2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Windows\CurrentVersion\Run C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Local\Temp\2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Local\Temp\2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run C:\Users\Admin\AppData\Local\Temp\2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Users\Admin\AppData\Local\Temp\2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3.exe N/A
File created C:\Windows\InstallDir\Server.exe C:\Users\Admin\AppData\Local\Temp\2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Users\Admin\AppData\Local\Temp\2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3.exe N/A

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1244 wrote to memory of 2024 N/A C:\Users\Admin\AppData\Local\Temp\2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3.exe C:\Windows\SysWOW64\svchost.exe
PID 1244 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1244 wrote to memory of 652 N/A C:\Users\Admin\AppData\Local\Temp\2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1244 wrote to memory of 1036 N/A C:\Users\Admin\AppData\Local\Temp\2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1244 wrote to memory of 1160 N/A C:\Users\Admin\AppData\Local\Temp\2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1244 wrote to memory of 1892 N/A C:\Users\Admin\AppData\Local\Temp\2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1244 wrote to memory of 668 N/A C:\Users\Admin\AppData\Local\Temp\2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1244 wrote to memory of 1112 N/A C:\Users\Admin\AppData\Local\Temp\2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1244 wrote to memory of 576 N/A C:\Users\Admin\AppData\Local\Temp\2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2024 wrote to memory of 1760 N/A C:\Windows\SysWOW64\svchost.exe C:\Windows\InstallDir\Server.exe
PID 1760 wrote to memory of 1484 N/A C:\Windows\InstallDir\Server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1760 wrote to memory of 944 N/A C:\Windows\InstallDir\Server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1760 wrote to memory of 1352 N/A C:\Windows\InstallDir\Server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2024 wrote to memory of 968 N/A C:\Windows\SysWOW64\svchost.exe C:\Windows\InstallDir\Server.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3.exe

"C:\Users\Admin\AppData\Local\Temp\2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3.exe"

C:\Windows\SysWOW64\svchost.exe

svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

Network

N/A

Files

memory/1244-54-0x0000000076531000-0x0000000076533000-memory.dmp

memory/2024-55-0x0000000013140000-0x000000001315C000-memory.dmp

memory/2024-57-0x0000000000000000-mapping.dmp

C:\Windows\InstallDir\Server.exe

MD5 4b2e7f44bf76521b22ba1e0758dc4124
SHA1 096bf75946f53ee392d67c03712efcae4d0d39aa
SHA256 2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3
SHA512 24b83516d136b0024d2fd7e7f5444e7d849768f792466cc176c3beca50c659a423ea3fbe638ca4de16d22e3440cd06ad3bf2a5796080a39df4bb203b4c6932ed

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\7EJAgWm&.cfg

MD5 a85fa40f2c74ad4c9ad747b0569ce9bf
SHA1 2766477062cab9ab66c287443a8aed1aa5ae1c64
SHA256 933d409050cf9918964c1529ae6fcf259cc1fee76fb502468ffb460636a60351
SHA512 562d369f63cc8ed3668398b214f19b9c4bbfec8df40bc7811cafa711caef9152399e7c5a57db0370c83dd7078eeccd29a3e8767017762d240fb3b7c1b79c26e7

\Windows\InstallDir\Server.exe

MD5 4b2e7f44bf76521b22ba1e0758dc4124
SHA1 096bf75946f53ee392d67c03712efcae4d0d39aa
SHA256 2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3
SHA512 24b83516d136b0024d2fd7e7f5444e7d849768f792466cc176c3beca50c659a423ea3fbe638ca4de16d22e3440cd06ad3bf2a5796080a39df4bb203b4c6932ed

C:\Windows\InstallDir\Server.exe

MD5 4b2e7f44bf76521b22ba1e0758dc4124
SHA1 096bf75946f53ee392d67c03712efcae4d0d39aa
SHA256 2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3
SHA512 24b83516d136b0024d2fd7e7f5444e7d849768f792466cc176c3beca50c659a423ea3fbe638ca4de16d22e3440cd06ad3bf2a5796080a39df4bb203b4c6932ed

memory/968-68-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\7EJAgWm&.cfg

MD5 a85fa40f2c74ad4c9ad747b0569ce9bf
SHA1 2766477062cab9ab66c287443a8aed1aa5ae1c64
SHA256 933d409050cf9918964c1529ae6fcf259cc1fee76fb502468ffb460636a60351
SHA512 562d369f63cc8ed3668398b214f19b9c4bbfec8df40bc7811cafa711caef9152399e7c5a57db0370c83dd7078eeccd29a3e8767017762d240fb3b7c1b79c26e7

\Windows\InstallDir\Server.exe

MD5 4b2e7f44bf76521b22ba1e0758dc4124
SHA1 096bf75946f53ee392d67c03712efcae4d0d39aa
SHA256 2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3
SHA512 24b83516d136b0024d2fd7e7f5444e7d849768f792466cc176c3beca50c659a423ea3fbe638ca4de16d22e3440cd06ad3bf2a5796080a39df4bb203b4c6932ed

memory/1968-73-0x0000000000000000-mapping.dmp

C:\Windows\InstallDir\Server.exe

MD5 4b2e7f44bf76521b22ba1e0758dc4124
SHA1 096bf75946f53ee392d67c03712efcae4d0d39aa
SHA256 2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3
SHA512 24b83516d136b0024d2fd7e7f5444e7d849768f792466cc176c3beca50c659a423ea3fbe638ca4de16d22e3440cd06ad3bf2a5796080a39df4bb203b4c6932ed

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\7EJAgWm&.cfg

MD5 a85fa40f2c74ad4c9ad747b0569ce9bf
SHA1 2766477062cab9ab66c287443a8aed1aa5ae1c64
SHA256 933d409050cf9918964c1529ae6fcf259cc1fee76fb502468ffb460636a60351
SHA512 562d369f63cc8ed3668398b214f19b9c4bbfec8df40bc7811cafa711caef9152399e7c5a57db0370c83dd7078eeccd29a3e8767017762d240fb3b7c1b79c26e7

memory/1140-78-0x0000000000000000-mapping.dmp

C:\Windows\InstallDir\Server.exe

MD5 4b2e7f44bf76521b22ba1e0758dc4124
SHA1 096bf75946f53ee392d67c03712efcae4d0d39aa
SHA256 2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3
SHA512 24b83516d136b0024d2fd7e7f5444e7d849768f792466cc176c3beca50c659a423ea3fbe638ca4de16d22e3440cd06ad3bf2a5796080a39df4bb203b4c6932ed

\Windows\InstallDir\Server.exe

MD5 4b2e7f44bf76521b22ba1e0758dc4124
SHA1 096bf75946f53ee392d67c03712efcae4d0d39aa
SHA256 2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3
SHA512 24b83516d136b0024d2fd7e7f5444e7d849768f792466cc176c3beca50c659a423ea3fbe638ca4de16d22e3440cd06ad3bf2a5796080a39df4bb203b4c6932ed

\Windows\InstallDir\Server.exe

MD5 4b2e7f44bf76521b22ba1e0758dc4124
SHA1 096bf75946f53ee392d67c03712efcae4d0d39aa
SHA256 2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3
SHA512 24b83516d136b0024d2fd7e7f5444e7d849768f792466cc176c3beca50c659a423ea3fbe638ca4de16d22e3440cd06ad3bf2a5796080a39df4bb203b4c6932ed

memory/880-82-0x0000000000000000-mapping.dmp

C:\Windows\InstallDir\Server.exe

MD5 4b2e7f44bf76521b22ba1e0758dc4124
SHA1 096bf75946f53ee392d67c03712efcae4d0d39aa
SHA256 2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3
SHA512 24b83516d136b0024d2fd7e7f5444e7d849768f792466cc176c3beca50c659a423ea3fbe638ca4de16d22e3440cd06ad3bf2a5796080a39df4bb203b4c6932ed

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\7EJAgWm&.cfg

MD5 a85fa40f2c74ad4c9ad747b0569ce9bf
SHA1 2766477062cab9ab66c287443a8aed1aa5ae1c64
SHA256 933d409050cf9918964c1529ae6fcf259cc1fee76fb502468ffb460636a60351
SHA512 562d369f63cc8ed3668398b214f19b9c4bbfec8df40bc7811cafa711caef9152399e7c5a57db0370c83dd7078eeccd29a3e8767017762d240fb3b7c1b79c26e7

\Windows\InstallDir\Server.exe

MD5 4b2e7f44bf76521b22ba1e0758dc4124
SHA1 096bf75946f53ee392d67c03712efcae4d0d39aa
SHA256 2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3
SHA512 24b83516d136b0024d2fd7e7f5444e7d849768f792466cc176c3beca50c659a423ea3fbe638ca4de16d22e3440cd06ad3bf2a5796080a39df4bb203b4c6932ed

memory/2028-87-0x0000000000000000-mapping.dmp

C:\Windows\InstallDir\Server.exe

MD5 4b2e7f44bf76521b22ba1e0758dc4124
SHA1 096bf75946f53ee392d67c03712efcae4d0d39aa
SHA256 2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3
SHA512 24b83516d136b0024d2fd7e7f5444e7d849768f792466cc176c3beca50c659a423ea3fbe638ca4de16d22e3440cd06ad3bf2a5796080a39df4bb203b4c6932ed

\Windows\InstallDir\Server.exe

MD5 4b2e7f44bf76521b22ba1e0758dc4124
SHA1 096bf75946f53ee392d67c03712efcae4d0d39aa
SHA256 2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3
SHA512 24b83516d136b0024d2fd7e7f5444e7d849768f792466cc176c3beca50c659a423ea3fbe638ca4de16d22e3440cd06ad3bf2a5796080a39df4bb203b4c6932ed

memory/1644-91-0x0000000000000000-mapping.dmp

C:\Windows\InstallDir\Server.exe

MD5 4b2e7f44bf76521b22ba1e0758dc4124
SHA1 096bf75946f53ee392d67c03712efcae4d0d39aa
SHA256 2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3
SHA512 24b83516d136b0024d2fd7e7f5444e7d849768f792466cc176c3beca50c659a423ea3fbe638ca4de16d22e3440cd06ad3bf2a5796080a39df4bb203b4c6932ed

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\7EJAgWm&.cfg

MD5 a85fa40f2c74ad4c9ad747b0569ce9bf
SHA1 2766477062cab9ab66c287443a8aed1aa5ae1c64
SHA256 933d409050cf9918964c1529ae6fcf259cc1fee76fb502468ffb460636a60351
SHA512 562d369f63cc8ed3668398b214f19b9c4bbfec8df40bc7811cafa711caef9152399e7c5a57db0370c83dd7078eeccd29a3e8767017762d240fb3b7c1b79c26e7

memory/968-96-0x0000000000000000-mapping.dmp

C:\Windows\InstallDir\Server.exe

MD5 4b2e7f44bf76521b22ba1e0758dc4124
SHA1 096bf75946f53ee392d67c03712efcae4d0d39aa
SHA256 2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3
SHA512 24b83516d136b0024d2fd7e7f5444e7d849768f792466cc176c3beca50c659a423ea3fbe638ca4de16d22e3440cd06ad3bf2a5796080a39df4bb203b4c6932ed

\Windows\InstallDir\Server.exe

MD5 4b2e7f44bf76521b22ba1e0758dc4124
SHA1 096bf75946f53ee392d67c03712efcae4d0d39aa
SHA256 2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3
SHA512 24b83516d136b0024d2fd7e7f5444e7d849768f792466cc176c3beca50c659a423ea3fbe638ca4de16d22e3440cd06ad3bf2a5796080a39df4bb203b4c6932ed

\Windows\InstallDir\Server.exe

MD5 4b2e7f44bf76521b22ba1e0758dc4124
SHA1 096bf75946f53ee392d67c03712efcae4d0d39aa
SHA256 2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3
SHA512 24b83516d136b0024d2fd7e7f5444e7d849768f792466cc176c3beca50c659a423ea3fbe638ca4de16d22e3440cd06ad3bf2a5796080a39df4bb203b4c6932ed

C:\Windows\InstallDir\Server.exe

MD5 4b2e7f44bf76521b22ba1e0758dc4124
SHA1 096bf75946f53ee392d67c03712efcae4d0d39aa
SHA256 2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3
SHA512 24b83516d136b0024d2fd7e7f5444e7d849768f792466cc176c3beca50c659a423ea3fbe638ca4de16d22e3440cd06ad3bf2a5796080a39df4bb203b4c6932ed

memory/880-100-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\7EJAgWm&.cfg

MD5 a85fa40f2c74ad4c9ad747b0569ce9bf
SHA1 2766477062cab9ab66c287443a8aed1aa5ae1c64
SHA256 933d409050cf9918964c1529ae6fcf259cc1fee76fb502468ffb460636a60351
SHA512 562d369f63cc8ed3668398b214f19b9c4bbfec8df40bc7811cafa711caef9152399e7c5a57db0370c83dd7078eeccd29a3e8767017762d240fb3b7c1b79c26e7

\Windows\InstallDir\Server.exe

MD5 4b2e7f44bf76521b22ba1e0758dc4124
SHA1 096bf75946f53ee392d67c03712efcae4d0d39aa
SHA256 2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3
SHA512 24b83516d136b0024d2fd7e7f5444e7d849768f792466cc176c3beca50c659a423ea3fbe638ca4de16d22e3440cd06ad3bf2a5796080a39df4bb203b4c6932ed


Analysis: behavioral2

Detonation Overview

Submitted

2022-11-23 15:34

Reported

2022-11-23 16:50

Platform

win10v2004-20220812-en

Max time kernel

165s

Max time network

173s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3.exe"

Signatures

Detect XtremeRAT payload

Description Indicator Process Target
N/A N/A N/A N/A

XtremeRAT

persistence spyware rat xtremerat

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{125F8TS8-M553-O7Q1-X716-3QV1O2S6RBN7}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{125F8TS8-M553-O7Q1-X716-3QV1O2S6RBN7} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{125F8TS8-M553-O7Q1-X716-3QV1O2S6RBN7}\StubPath = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{125F8TS8-M553-O7Q1-X716-3QV1O2S6RBN7} C:\Users\Admin\AppData\Local\Temp\2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{125F8TS8-M553-O7Q1-X716-3QV1O2S6RBN7}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Local\Temp\2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{125F8TS8-M553-O7Q1-X716-3QV1O2S6RBN7} C:\Windows\SysWOW64\svchost.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Windows\CurrentVersion\Run C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Local\Temp\2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Local\Temp\2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Windows\CurrentVersion\Run C:\Windows\SysWOW64\svchost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\SysWOW64\svchost.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File created C:\Windows\InstallDir\Server.exe C:\Users\Admin\AppData\Local\Temp\2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Users\Admin\AppData\Local\Temp\2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Users\Admin\AppData\Local\Temp\2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3.exe N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\svchost.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2752 wrote to memory of 1572 N/A C:\Users\Admin\AppData\Local\Temp\2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3.exe C:\Windows\SysWOW64\svchost.exe
PID 2752 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2752 wrote to memory of 1328 N/A C:\Users\Admin\AppData\Local\Temp\2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2752 wrote to memory of 3836 N/A C:\Users\Admin\AppData\Local\Temp\2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2752 wrote to memory of 4980 N/A C:\Users\Admin\AppData\Local\Temp\2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2752 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2752 wrote to memory of 3236 N/A C:\Users\Admin\AppData\Local\Temp\2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2752 wrote to memory of 728 N/A C:\Users\Admin\AppData\Local\Temp\2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2752 wrote to memory of 372 N/A C:\Users\Admin\AppData\Local\Temp\2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1572 wrote to memory of 4824 N/A C:\Windows\SysWOW64\svchost.exe C:\Windows\InstallDir\Server.exe
PID 4824 wrote to memory of 4808 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4824 wrote to memory of 924 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4824 wrote to memory of 4344 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4824 wrote to memory of 2116 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4824 wrote to memory of 1524 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4824 wrote to memory of 5000 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4824 wrote to memory of 628 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4824 wrote to memory of 4616 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1572 wrote to memory of 2400 N/A C:\Windows\SysWOW64\svchost.exe C:\Windows\InstallDir\Server.exe
PID 2400 wrote to memory of 3284 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 380 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 3388 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3.exe

"C:\Users\Admin\AppData\Local\Temp\2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3.exe"

C:\Windows\SysWOW64\svchost.exe

svchost.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

Network

Country Destination Domain Proto
N/A 72.21.91.29:80 tcp
N/A 72.21.91.29:80 tcp
N/A 204.79.197.200:443 tcp
N/A 20.189.173.10:443 tcp
N/A 8.253.208.113:80 tcp
N/A 8.253.208.113:80 tcp
N/A 209.197.3.8:80 tcp

Files

memory/1572-132-0x0000000000000000-mapping.dmp

C:\Windows\InstallDir\Server.exe

MD5 4b2e7f44bf76521b22ba1e0758dc4124
SHA1 096bf75946f53ee392d67c03712efcae4d0d39aa
SHA256 2b4c7b8bb35321044cd7ec894f8c73d6e08513f39948b90df76df6b5abe137f3
SHA512 24b83516d136b0024d2fd7e7f5444e7d849768f792466cc176c3beca50c659a423ea3fbe638ca4de16d22e3440cd06ad3bf2a5796080a39df4bb203b4c6932ed

memory/1572-134-0x0000000013140000-0x000000001315C000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\7EJAgWm&.cfg

MD5 a85fa40f2c74ad4c9ad747b0569ce9bf
SHA1 2766477062cab9ab66c287443a8aed1aa5ae1c64
SHA256 933d409050cf9918964c1529ae6fcf259cc1fee76fb502468ffb460636a60351
SHA512 562d369f63cc8ed3668398b214f19b9c4bbfec8df40bc7811cafa711caef9152399e7c5a57db0370c83dd7078eeccd29a3e8767017762d240fb3b7c1b79c26e7
